On 05/03/2012 06:46 PM, Lito Kusnadi wrote: > Hi Tom, > > Thank you. It turns out to be centos 5.8 build that causes the > segment to be out of order. I switched to centos 6.2 and the problem > is gone. > > One question about /etc/shorewall/providers: If I want to design in a > way that: a. THE DEFAULT traffic will go out using provider1 (no rule > need to be applied to tcrule or rtrule b. Use provider2 ONLY when i > define rules in tcrule c. I want to direct the traffic in (b) based > on outgoing ports d. Using the minimal amount of rules :) > > Is there a way i can achieve that? I can only find such note in the > doc: "... If you are using /etc/shorewall/providers because you have > multiple Internet connections, we recommend that you specify balance > even if you don't need it. You can still use entries in > /etc/shorewall/tcrules and /etc/shorewall/rtrules to force all > traffic to one provider or another..." > > Without specifying specific rule, the default behavior is load > balance hence 100:50 proportion for both providers. > > I guess I can make the proportion to be 100:1, but it still bleeds 1% > of the traffic to the other provider. >
You can specify 'balance' for one and 'fallback' for the other, which is what the "Complete Working Example" in the Multi-ISP doc does. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
