The use case is applying DNAT in firewall rules for a certain traffic.
Traffic control is also wished for the same traffic, as well as DSCP
marking. And so, there is a tcrule that will mark those packets to be
routed to a class and, there will be another rule that will take
effect on that very same mark whose purpose is to apply an egress DSCP
mark. In this case, must the 100 mark absolutely needs to be applied
in the POSTROUTING chain ? In doing so the mark is certainly not
observed, but feels natural for DNAT purposes.
rules
#ACTION SOURCE DEST PROTO
DNAT lan:172.59.11.0/24 net:172.59.10.102 all
tcclasses
#INTERFACE MARK RATE CEIL PRIORITY
fe-4-1 100 full*70/100 full 1
tcrules
#MARK SOURCE DEST PROTO DPORT SPORT USER TEST
100:T 172.59.11.101 172.59.10.102 all - - -
DSCP(EF) 0.0.0.0/0 0.0.0.0/0 all - - - 100
Thanks.
________________________________
De : Tom Eastep <[email protected]>
À : [email protected]
Envoyé le : mardi 13 mars 2012 15h43
Objet : Re: [Shorewall-users] tcrules and test
On 03/13/2012 12:07 PM, Fred Maillou wrote:
> Hello,
>
> Can the test of tcrules be used to detect packets in POSTROUTING ?
>
I don't understand the question.
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
------------------------------------------------------------------------------
Keep Your Developer Skills Current with LearnDevNow!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-d2d
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
------------------------------------------------------------------------------
Keep Your Developer Skills Current with LearnDevNow!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-d2d
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
