On 2/15/2015 3:27 PM, [email protected] wrote: > Hallo, > > I'm updating some shorewall firewalls from CentOS6 to CentOS7. They have > multiple internet providers. > With CentOS6 kernel, routes were cached, and the same target was always > reached via the same internet provider and the same IP. In linux-3.6, > routing cache was removed, and I'm facing problems in CentOS7 accessing > services which track where a client is coming from. > The routing cache solution was sub-optimal, since all the sources were going > to use the same provider to access the same host, but it did work. I worked > around the problem by statically defining which provider to use to access > the problematic services, changing the provider when needed (see LSM 0.178 > and 0.179). But again this solution is not optimal. > So, is it possible in Shorewall to make sure that the same triplet (source > ip, dest ip, dest port) will always go with the same provider? >
Have you looked at the SAME action in the mangle/tcrules file? -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server from Actuate! Instantly Supercharge Your Business Reports and Dashboards with Interactivity, Sharing, Native Excel Exports, App Integration & more Get technology previously reserved for billion-dollar corporations, FREE http://pubads.g.doubleclick.net/gampad/clk?id=190641631&iu=/4140/ostg.clktrk
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
