On 4/6/11 7:02 AM, Pedro Bulach Gapski wrote:
> Hello shorewall-users,
>
> The Problem
>
> I have a box with 3 network interfaces:
> * eth0 -> ISP 1
> * eth1 -> ISP 2
> * eth2 -> local network
> This box runs asterisk, and I would like to balance SIP and RTP
> traffic on both ISPs.
>
> Solution Rationale
>
> I have configured both ISPs on the providers file, hence shorewall
> will (route) balance packets on both interfaces. Since I do not know
> in advance the interface the packets will flow out, I would like to
> let shorewall do its magic with the first packet, and put a connection
> mark on the packet when it comes back from one of the ISPs, and then
> use this connection mark to assure following packets keep flowing to
> the same interface.
>
> Implementation Attempt
>
> Attached follows my shorewall dump. Here I briefly discuss what I
> consider to be the main aspect of the solution.
> Excerpt from tcrules:
> ### interface selection rules
> ### route packages thru selected interfaces
> RESTORE - - all - - - 0
> CONTINUE - - all - - - !0
> # the first sip packet will leave by any of the connections
> # when we get a sip response, mark the connection
> # based on the interface it comes in.
> 0x100 eth0 - udp 5060
> 0x200 eth1 - udp 5060
> # save connection mark
> SAVE - - udp 5060
>
> This (tries to) implement the solution rationale. However, no packets
> are marked by the high-mark rules (by shorewall show mangle).
>
> Can someone help me spot what I am missing, or a better approach?

Simply set the 'track' and 'balance' options on both providers and
Shorewall will do this for you.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
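
The setup the reply describes, as an added sketch of /etc/shorewall/providers that is not part of the original thread. The interfaces are the ones listed in the question; the provider names, numbers and marks are constructed, and `detect` assumes each ISP gateway can be discovered automatically.

```conf
# /etc/shorewall/providers (added illustration, values constructed)
#
# track   : connections seen arriving on the provider's interface are
#           marked so that later packets of the same connection are
#           routed back out through that interface
# balance : outbound traffic is load-balanced across all providers
#           that carry this option
#
# MARK values below are placeholders; they must be valid provider marks
# for the mark settings in your shorewall.conf.
# GATEWAY 'detect' is an assumption; put the ISP gateway address there
# if it cannot be detected.
#
#NAME   NUMBER  MARK  DUPLICATE  INTERFACE  GATEWAY  OPTIONS        COPY
ISP1    1       1     main       eth0       detect   track,balance  eth2
ISP2    2       2     main       eth1       detect   track,balance  eth2
```

With `track` set on both providers, the hand-written RESTORE, SAVE and per-interface mark entries quoted from tcrules duplicate what Shorewall generates itself.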
