Hello Tom, On Wed, Apr 6, 2011 at 11:53 AM, Tom Eastep <[email protected]> wrote: > On 4/6/11 7:02 AM, Pedro Bulach Gapski wrote: >> Hello shorewall-users, >> >> The Problem >> >> I have a box with 3 network interfaces: >> * eth0 -> ISP 1 >> * eth1 -> ISP 2 >> * eth2 -> local network >> This box runs asterisk, and I would like to balance SIP and RTP >> traffic on both ISPs. >> >> Solution Rationale >> >> I have configured both ISPs on the providers file, hence shorewall >> will (route) balance packets on both interfaces. Since I do not know >> in advance the interface the packets will flow out, I would like to >> let shorewall do its magic with the first packet, and put a connection >> mark on the packet when it comes back from one of the ISPs, and then >> use this connection mark to assure following packets keep flowing to >> the same interface. >> >> Implementation Attempt >> >> Attached follows my shorewall dump. Here I briefly discuss what I >> consider to be the main aspect of the solution. >> Except from tcrules: >> ### interface selection rules >> ### route packages thru selected interfaces >> RESTORE - - all - - - 0 >> CONTINUE - - all - - - !0 >> # the first sip packet will leave by any of the connections >> # when we get a sip response, mark the connection >> # based on the interface it comes in. >> 0x100 eth0 - udp 5060 >> 0x200 eth1 - udp 5060 >> # save connection mark >> SAVE - - udp 5060 >> >> This (tries to) implement the solution rationale. However, no packets >> are marked by the high-mark rules (by shorewall show mangle). >> >> Can someone help me spot what I am missing, or a better approach? > > Simply set the 'track' and 'balance' options on both providers and > Shorewall will do this for you.
I already have. I must be missing something obvious, but I see no traffic flowing thru eth1. Will the route cache keep *all* traffic from localhost to the same outside host on the same interface for good? > > -Tom > -- > Tom Eastep \ When I die, I want to go like my Grandfather who > Shoreline, \ died peacefully in his sleep. Not screaming like > Washington, USA \ all of the passengers in his car > http://shorewall.net \________________________________________________ > > > ------------------------------------------------------------------------------ > Xperia(TM) PLAY > It's a major breakthrough. An authentic gaming > smartphone on the nation's most reliable network. > And it wants your games. > http://p.sf.net/sfu/verizon-sfdev > _______________________________________________ > Shorewall-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/shorewall-users > > ------------------------------------------------------------------------------ Xperia(TM) PLAY It's a major breakthrough. An authentic gaming smartphone on the nation's most reliable network. And it wants your games. http://p.sf.net/sfu/verizon-sfdev _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
