On 09/27/2017 06:00 AM, Vieri Di Paola via Shorewall-users wrote: > Hi again, > > It seems that I'm getting mixed results. According to the dump I'm posting in > the link below, shouldn't a host accessing 193.104.0.136 on port 443 go out > provider marked as 3? > > The dump was taken while trying to open https site at 193.104.0.136 from > 10.215.144.48. > > https://drive.google.com/open?id=0B-tpkY1LkI67X0FzWnRMSFRYd1E > > I had mixed results. Sometimes traffic is going out provider 3, and at times > it's going out another provider. > > So my previous posts are probably "wrong" in that the netmask has nothing to > do with the issue I'm seeing. > > Even if I balance traffic in the providers file, I require traffic to > 193.104.0.136 to *always* go out provider 3. >
Remember that MARK is not a terminating target -- so the *last* MARK rule to match the packet is the one that assigns the mark. Your statistical MARK rules are overwriting your intended mark values most of the time. You need to populate the TEST column of your route marking rules to stop this unintended overwriting of previously assigned marks. -Tom -- Tom Eastep \ Q: What do you get when you cross a mobster with Shoreline, \ an international standard? Washington, USA \ A: Someone who makes you an offer you can't http://shorewall.org \ understand \_______________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
