On 8/6/10 7:00 AM, Thomas Mueller wrote: > > FW: 192.168.236.1 > Uploader: 192.168.236.31 >
Then the CONNBYTES rule must be in the FORWARD chain (:F) or in the POSTROUTING chain (:T). By default (with MARK_IN_FORWARD_CHAIN=No), marking is done in the PREROUTING chain. Because of limitations in Linux traffic shaping which have only recently been eliminated, Shorewall clears all marks in forwarded packets after they have been routed. Beginning with Shorewall 4.4.10, you can set CLEAR_FORWARD_MARKS=No in shorewall.conf to prevent the marks from being cleared after routing. This is only allowed if your iproute and kernel are recent enough. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ This SF.net email is sponsored by Make an app they can't live without Enter the BlackBerry Developer Challenge http://p.sf.net/sfu/RIM-dev2dev
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
