Il giorno mar, 06/11/2007 alle 13.55 -0800, Tom Eastep ha scritto: > How exactly did you test these two configurations and what did you see > that was different between the two? I ask because I don't see anything > happening in one that isn't also happening in the other. > > -Tom
I put the "working" confg files in /etc/shorewall with TC_EXPERT=Yes and rebooted I tried to telnet on port 25 from the internet to the dmz host and the request timed out I used "traceproto $VARIOUS_INTERNET_HOSTS -p tcp -d 25" from the dmz host and all the requests got correctly routed through provider smrt1 I set TC_EXPERT=No and rebooted I tried to telnet on port 25 from the internet to the dmz host and the request was succesful I used "traceproto $VARIOUS_INTERNET_HOSTS -p tcp -d 25" from the dmz host and all the requests got correctly routed through provider smrt1 I changed the MARK number in providers from 1 to 256 and from 2 to 512, changed the values accordingly in tcrules, added tcdevices and tcclasses in /etc/shorewall, added the traffic shaping rules at the bottom of tcrules and rebooted I tried to telnet on port 25 from the internet to the dmz host and the request was succesful I used "traceproto $VARIOUS_INTERNET_HOSTS -p tcp -d 25" from the dmz host and some requests went out through provider smrt1, some through fweb1 The behaviour with HIGH_ROUTE_MARKS=1 is the same with TC_EXPERT=Yes and TC_EXPERT=No Cristian ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
