On May 13, 2011, at 8:57 AM, Mr Dash Four wrote:

>
>>>> No -- eth1 and ifb1 are the *only* interfaces involved when 10.1.1.12
>>>> communicates with 212.58.254.251. eth0 and ifb0 are *not* involved.
>>>>
>>>> [...]
>>>> In tcrules for eth0, the source IP is 10.1.1.12 and the dest IP is
>>>> 212.58.254.251.
>>>>
>>>> For tcfilters for ifb0, the source IP is 212.58.254.251 and the dest IP
>>>> is 10.1.2.7.
>>>>
>>> So, in other words, even though only eth1 and ifb1 are involved I have to
>>> use eth0 class in tcrules (out of eth0's quota!) and ifb0 class in
>>> tcfilters (out of ifb0's quota) to capture and "shape" traffic even though
>>> neither interfaces take part in the net flow, is that right?
>>>
>>
>> eth0 and ifb0 are not involved and you need no eth0/ifb0
>> tcrules/tcfilters for 10.1.1.12<->212.58.254.251 communication.
>>
> Ah, OK! I am glad that has been clarified as otherwise it didn't make sense
> at all!
>
> So, for outbound communication between eth0:10.1.1.12 (which is SNATed to
> eth1:10.1.2.7) I should use "eth1:12 ..." class in tcrules and for inbound
> "ifb1:12 ..." in tcfilters then, is that right?

Assuming that class 12 is the correct one, yes. Just keep in mind that the
source IP for eth1:12 will be 10.1.1.12 whereas on ifb1:12, the destination
IP will be 10.1.2.7 (the two are not symmetric).

-Tom

Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
