On 04/07/2011 12:25 PM, Pedro Bulach Gapski wrote:
> Step 3 was done with shorewall. A standard configuration was used as the base:
> a. interfaces listed in the providers file;
> b. traffic shaping in tcrules.
>
> Additionally, an extension script was used to bind each SIP trunk to a
> different interface, using iptables -m string extensions. I ended up
> using the 'started' shorewall entry-point with the following
> configuration:
> run_iptables -t mangle -A OUTPUT -d 200.219.209.250 -p udp --dport
> 5060 -m string --string "<sip:[email protected]>" --algo bm -j
> MARK --set-mark 0x100
> run_iptables -t mangle -A OUTPUT -d 200.219.209.250 -p udp --dport
> 5060 -m string --string "<sip:[email protected]>" --algo bm -j
> MARK --set-mark 0x200
> run_iptables -t mangle -A OUTPUT -d 200.219.209.250 -p udp --dport
> 5060 -j CONNMARK --save-mark

One usually doesn't use run_iptables() in the 'started' script; that is
only appropriate in the 'start' script. In 'started', simply use
$IPTABLES (e.g., $IPTABLES -t mangle -A OUTPUT ...)

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
