Craig M. Nicholson wrote: > Hi Tom, > >> Sorry -- I can't comment without seeing a 'shorewall dump' collected > as >> described in great detail at >> http://www.shorewall.net/support.htm#guidelines. Also: > > Yeah I understand that but my dump is really large, complicated and > might contain business sensitive information which I don't feel is a > good idea to place on a public mailing list. > > >> a) Why are you specifying 'loose'? > > The providers file documents the loose option as: > > "Normally, Shorewall adds routing rules to prohibit firewall marks from > working with traffic generated on the firewall itself. By setting the > 'loose' option, generation of these rules is avoided." > > If I am interpreting this correctly the loose option is needed if you > want to mark traffic originating on the firewall itself. I use this to > force certain of my squid traffic (originating on the firewall itself) > out of my eth1 interface and the remainder out of my ppp0 interface.
Don't know what version of the code you are running but the current providers
file doesn't say that.
Here's what the Multi-ISP documentation says:
loose
Do not include routing rules that force traffic whose source IP is an
address of the INTERFACE to be routed to this provider. Useful for defining
providers that are to be used only when the appropriate packet mark is
applied.
If you get rid of 'loose', it should work.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ [EMAIL PROTECTED]
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
