Thanks! It was not clear from the latest tcrules.annotated that the chain
options were also available for DSCP marking.
________________________________
De : Tom Eastep <[email protected]>
À : [email protected]
Envoyé le : mardi 13 mars 2012 16h18
Objet : Re: [Shorewall-users] Re : tcrules and test
On 03/13/2012 01:07 PM, Fred Maillou wrote:
> The use case is applying DNAT in firewall rules for a certain traffic.
> Traffic control is also wished for the same traffic, as well as DSCP
> marking. And so, there is a tcrule that will mark those packets to be
> routed to a class and, there will be another rule that will take
> effect on that very same mark whose purpose is to apply an egress DSCP
> mark. In this case, must the 100 mark absolutely needs to be applied
> in the POSTROUTING chain ? In doing so the mark is certainly not
> observed, but feels natural for DNAT purposes.
>
> rules
> #ACTION SOURCE DEST PROTO
> DNAT lan:172.59.11.0/24 net:172.59.10.102 all
>
> tcclasses
> #INTERFACE MARK RATE CEIL PRIORITY
> fe-4-1 100 full*70/100 full 1
>
> tcrules
> #MARK SOURCE DEST PROTO DPORT SPORT USER TEST
> 100:T 172.59.11.101 172.59.10.102 all - - -
> DSCP(EF) 0.0.0.0/0 0.0.0.0/0 all - - - 100
You want:
#MARK SOURCE DEST PROTO DPORT SPORT USER TEST
100:T 172.59.11.101 172.59.10.102 all - - -
DSCP(EF):T 0.0.0.0/0 0.0.0.0/0 all - - - 100
--
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
------------------------------------------------------------------------------
Keep Your Developer Skills Current with LearnDevNow!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-d2d
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
------------------------------------------------------------------------------
Keep Your Developer Skills Current with LearnDevNow!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-d2d
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
