Mike wrote:
> Tom
> Following your logic above would be:
> 2:11 $FW eth0 udp 1194
> 3:11 $FW tun1 udp 1194
> tun1 is the third interface listed in tcdevices
Mike,
Please don't post your reply below the "--". Most mailers delete that part
of the post when replying.
Your rule for tun1 is silly; no udp 1194 traffic will go THROUGH the tunnel.
That protocol/port is used to carry the tunneled traffic itself.
-Tom
Then would this make sense:
<snip from mangle>
Chain tcpost (1 references)
pkts bytes target prot opt in out source
destination
436 20588 CLASSIFY all -- * * 10.19.227.18
0.0.0.0/0 CLASSIFY set 3:11
284 34640 CLASSIFY udp -- * eth1 0.0.0.0/0
0.0.0.0/0 multiport dports 7788 CLASSIFY set 2:11
3 258 CLASSIFY all -- * * 10.19.227.4
10.194.79.55 CLASSIFY set 3:11
3 258 CLASSIFY all -- * * 10.19.227.4
10.194.79.55 CLASSIFY set 3:11
0 0 CLASSIFY all -- * * 10.192.139.240
0.0.0.0/0 CLASSIFY set 2:11
3:11 10.19.227.18 0.0.0.0/0 ALL -----any thing
destin from voip box to anywhere through tun1
gets a packet mark of '1'
2:11 $FW eth1 udp 7788 ---note
not 1194
#INTERFACE IN-BANDWITH OUT-BANDWIDTH
eth0 3000kbit 1152kbit
eth1 768kbit 768kbit
tun1 768kbit 768kbit
tun2 768kbit 768kbit
#INTERFACE MARK RATE CEIL PRIORITY OPTIONS
eth0 1 full full 1
eth0 2 full/4 full 2
eth0 3 full/4 full 3 default
eth0 4 full/8 full*8/10 4
#
#
eth1 1 full full 1
eth1 2 full/4 full 2
eth1 3 full/4 full 3 default
eth1 4 full/8 full*8/10 4
##
#
tun1 1 full full 1
tun1 2 full/4 full 2 default
tun1 3 full/8 full*8/10 3
#
tun2 1 full full 1
tun2 2 full/4 full 2 default
tun2 3 full/8 full*8/10 3
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
-------------------------------------------------------------------------
SF.Net email is sponsored by:
Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services
for just about anything Open Source.
http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users