Il giorno mar, 06/11/2007 alle 13.55 -0800, Tom Eastep ha scritto:

> How exactly did you test these two configurations and what did you see
> that was different between the two? I ask because I don't see anything
> happening in one that isn't also happening in the other.
> 
> -Tom

I put the "working" confg files in /etc/shorewall with TC_EXPERT=Yes
and rebooted

I tried to telnet on port 25 from the internet to the dmz host and the
request timed out

I used "traceproto $VARIOUS_INTERNET_HOSTS -p tcp -d 25" from the dmz
host and all the requests got correctly routed through provider smrt1

I set TC_EXPERT=No and rebooted

I tried to telnet on port 25 from the internet to the dmz host and the
request was succesful

I used "traceproto $VARIOUS_INTERNET_HOSTS -p tcp -d 25" from the dmz
host and all the requests got correctly routed through provider smrt1

I changed the MARK number in providers from 1 to 256 and from 2 to 512,
changed the values accordingly in tcrules, added tcdevices and tcclasses
in /etc/shorewall, added the traffic shaping rules at the bottom of
tcrules and rebooted

I tried to telnet on port 25 from the internet to the dmz host and the
request was succesful

I used "traceproto $VARIOUS_INTERNET_HOSTS -p tcp -d 25" from the dmz
host and some requests went out through provider smrt1, some through
fweb1

The behaviour with HIGH_ROUTE_MARKS=1 is the same with TC_EXPERT=Yes and
TC_EXPERT=No

Cristian


-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to