>>> No -- eth1 and ifb1 are the *only* interfaces involved when 10.1.1.12 >>> communicates with 212.58.254.251. eth0 and ifb0 are *not* involved. >>> >>> [...] >>> >>> In tcrules for eth0, the source IP is 10.1.1.12 and the dest IP is >>> 212.58.254.251. >>> >>> For tcfilters for ifb0, the source IP is 212.58.254.251 and the dest IP >>> is 10.1.2.7. >>> >>> >> So, in other words, even though only eth1 and ifb1 are involved I have >> to use eth0 class in tcrules (out of eth0's quota!) and ifb0 class in >> tcfilters (out of ifb0's quota) to capture and "shape" traffic even >> though neither interfaces take part in the net flow, is that right? >> > > eth0 and ifb0 are not involved and you need no eth0/ifb0 > tcrules/tcfilters for 10.1.1.12<->212.58.254.251 communication. > Ah, OK! I am glad that has been clarified as otherwise it didn't make sense at all!
So, for outbound communication between eth0:10.1.1.12 (which is SNATed to eth1:10.1.2.7) I should use "eth1:12 ..." class in tcrules and for inbound "ifb1:12 ..." in tcfilters then, is that right? ------------------------------------------------------------------------------ Achieve unprecedented app performance and reliability What every C/C++ and Fortran developer should know. Learn how Intel has extended the reach of its next-generation tools to help boost performance applications - inlcuding clusters. http://p.sf.net/sfu/intel-dev2devmay _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
