> From: Tom Eastep [mailto:[email protected]]
> Sent: Monday, February 16, 2015 19:00
> 
> On 2/15/2015 3:27 PM, [email protected] wrote:
> > Hallo,
> >
> > I'm updating some shorewall firewalls from CentOS6 to CentOS7. They
> > have multiple internet providers.
> > With CentOS6 kernel, routes were cached, and the same target was
> > always reached via the same internet provider and the same IP. In
> > linux-3.6, routing cache was removed, and I'm facing problems in
> > CentOS7 accessing services which track where a client is coming from.
> > The routing cache solution was sub-optimal, since all the sources were
> > going to use the same provider to access the same host, but it did
> > work. I worked around the problem by statically defining which
> > provider to use to access the problematic services, changing the
> > provider when needed (see LSM 0.178 and 0.179). But again this solution
> > is not optimal.
> > So, is it possible in Shorewall to make sure that the same triplet
> > (source ip, dest ip, dest port) will always go with the same provider?
> >
> 
> Have you looked at the SAME action in the mangle/tcrules file?

Unfortunately no; I'll do it now.
But I fear the 300-second timeout can be too low. Take for example an
application like a webmail: one can easily return to it after an hour or so,
and it could be annoying if it requires a new authentication almost every
time. I think it should not be very difficult to add an argument to SAME
representing the timeout, if I find it is really needed.

Anyway, it could be nice to have the ability to assign addresses/ports to
ipsets in mangle, like we do to mark packets (low priority, kind of a
feature request).

Thank you
Luigi




_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
