On 03/13/2012 01:07 PM, Fred Maillou wrote: > The use case is applying DNAT in firewall rules for a certain traffic. > Traffic control is also wished for the same traffic, as well as DSCP > marking. And so, there is a tcrule that will mark those packets to be > routed to a class and, there will be another rule that will take > effect on that very same mark whose purpose is to apply an egress DSCP > mark. In this case, must the 100 mark absolutely needs to be applied > in the POSTROUTING chain ? In doing so the mark is certainly not > observed, but feels natural for DNAT purposes. > > rules > #ACTION SOURCE DEST PROTO > DNAT lan:172.59.11.0/24 net:172.59.10.102 all > > tcclasses > #INTERFACE MARK RATE CEIL PRIORITY > fe-4-1 100 full*70/100 full 1 > > tcrules > #MARK SOURCE DEST PROTO DPORT SPORT USER TEST > 100:T 172.59.11.101 172.59.10.102 all - - - > DSCP(EF) 0.0.0.0/0 0.0.0.0/0 all - - - 100
You want:
#MARK SOURCE DEST PROTO DPORT SPORT USER TEST
100:T 172.59.11.101 172.59.10.102 all - - -
DSCP(EF):T 0.0.0.0/0 0.0.0.0/0 all - - - 100
--
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Keep Your Developer Skills Current with LearnDevNow! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-d2d
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
