Re: [Shorewall-users] Asterisk IAX and Shorewall QoS ?

Noc Phibee Wed, 24 Jan 2007 21:10:14 -0800

Ok ;=)

now:



Chain tcout (1 references)
 pkts bytes target     prot opt in     out     source               
destination
 1329  159K MARK       udp  --  *      *       0.0.0.0/0            
0.0.0.0/0           TOS match 0x10 udp dpt:4569 MARK set 0x1

Chain tcpost (1 references)
 pkts bytes target     prot opt in     out     source               
destination
 1329  159K CLASSIFY   all  --  *      eth0    0.0.0.0/0            
0.0.0.0/0           MARK match 0x1/0xff CLASSIFY set 1:11
    0     0 CLASSIFY   all  --  *      eth0    0.0.0.0/0            
0.0.0.0/0           MARK match 0x2/0xff CLASSIFY set 1:12
    0     0 CLASSIFY   all  --  *      eth0    0.0.0.0/0            
0.0.0.0/0           MARK match 0x3/0xff CLASSIFY set 1:13
    0     0 CLASSIFY   all  --  *      eth0    0.0.0.0/0            
0.0.0.0/0           MARK match 0x4/0xff CLASSIFY set 1:14

i put on tcrules:
1       $FW     0.0.0.0/0       udp     4569    -       -       -       
-       16




Alexander Wilms a écrit :
> On Wednesday 24 January 2007 18:50, Tom Eastep wrote:
>   
>> Noc Phibee wrote:
>>     
>>> i don't know if it's important, but the asterisk server are on the same
>>> serveur of shorewall
>>>       
>
> bingo...
>
>   
>> From the comments at the top of /etc/shorewall/tcrules:
>>
>> #                       For example, all packets
>> #                       for connections masqueraded to eth0 from other
>> #                       interfaces can be matched in a single rule with
>> #                       several alternative SOURCE criteria. However, a
>> #                       connection whose packets gets to eth0 in a
>> #                       different way, e.g., direct from the firewall
>> #                       itself, needs a different rule.
>> #
>> #                       Accordingly, use $FW in its own separate rule for
>> #                       packets originating on the firewall. In such a
>> rule, #                       the MARK column may NOT specify either ":P"
>> or ":F" #                       because marking for firewall-originated
>> packets #                       always occurs in the OUTPUT chain.
>> #
>>
>> In other words, you need $FW in the SOURCE column for rules governing
>> traffic that originates on the firewall itself.
>>     
> ...bongo :-)
>
>   
>> -Tom
>>     
>
> -------------------------------------------------------------------------
> Take Surveys. Earn Cash. Influence the Future of IT
> Join SourceForge.net's Techsay panel and you'll get the chance to share your
> opinions on IT & business topics through brief surveys - and earn cash
> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
> _______________________________________________
> Shorewall-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>
>
>   


-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Re: [Shorewall-users] Asterisk IAX and Shorewall QoS ?

Reply via email to