David,
Thanks for the help.
"shorewall show mangle" gives me the output below. Is this what you would
expect with $FW as the source?
Chain tcout (1 references)
 pkts bytes target prot opt in out source    destination
    0     0 MARK   udp  --  *  *   0.0.0.0/0 0.0.0.0/0   udp dpt:4569 MARK set 0x1
    0     0 MARK   tcp  --  *  *   0.0.0.0/0 0.0.0.0/0   tcp dpt:4569 MARK set 0x1
    0     0 MARK   udp  --  *  *   0.0.0.0/0 0.0.0.0/0   udp dpt:5060 MARK set 0x1
    0     0 MARK   tcp  --  *  *   0.0.0.0/0 0.0.0.0/0   tcp dpt:5060 MARK set 0x1
    0     0 MARK   icmp --  *  *   0.0.0.0/0 0.0.0.0/0   icmp type 8 MARK set 0x2
    0     0 MARK   icmp --  *  *   0.0.0.0/0 0.0.0.0/0   icmp type 0 MARK set 0x2
    0     0 MARK   tcp  --  *  *   0.0.0.0/0 0.0.0.0/0   tcp dpt:20 MARK set 0x3
    0     0 MARK   tcp  --  *  *   0.0.0.0/0 0.0.0.0/0   tcp dpt:21 MARK set 0x3
    0     0 MARK   tcp  --  *  *   0.0.0.0/0 0.0.0.0/0   tcp dpt:22 MARK set 0x3
    0     0 MARK   all  --  *  *   0.0.0.0/0 0.0.0.0/0   MARK match !0x0/0xffff MARK set 0x4
Jim
David Mohr wrote:
> On 1/19/07, Jim Duda <[EMAIL PROTECTED]> wrote:
>> David,
>>
>> Like this ?
>>
>> 1 $FW 0.0.0.0/0 udp 4569
>> 1 $FW 0.0.0.0/0 tcp 4569
>> 1 $FW 0.0.0.0/0 udp 5060
>> 1 $FW 0.0.0.0/0 tcp 5060
>> 2 $FW 0.0.0.0/0 icmp echo-request
>> 2 $FW 0.0.0.0/0 icmp echo-reply
>> 3 $FW 0.0.0.0/0 tcp 20
>> 3 $FW 0.0.0.0/0 tcp 21
>> 3 $FW 0.0.0.0/0 tcp 22
>> 4 $FW 0.0.0.0/0 all - - - !0
>
> Yes, and of course that's also documented in shorewall's traffic shaping page.
>
>> Jim
>>
>> David Mohr wrote:
>>> Hi,
>>> I can only point out one gotcha that I also ran into:
>>>
>>> On 1/19/07, Jim Duda <[EMAIL PROTECTED]> wrote:
>>>
>>>> I'm having troubles with my outbound VOIP connection. I'm convinced
>>>> that I don't have QOS/traffic shaping configured properly in my
>>>> shorewall linux firewall, which serves as my Asterisk VOIP server and
>>>> Internet router/gateway. I don't have a separate router box. I've been
>>>>
>>>> ... [cut] ...
>>>>
>>>> /etc/shorewall/tcrules:
>>>> 1 0.0.0.0/0 0.0.0.0/0 udp 4569
>>>> 1 0.0.0.0/0 0.0.0.0/0 tcp 4569
>>>> 1 0.0.0.0/0 0.0.0.0/0 udp 5060
>>>> 1 0.0.0.0/0 0.0.0.0/0 tcp 5060
>>>> 2 0.0.0.0/0 0.0.0.0/0 icmp echo-request
>>>> 2 0.0.0.0/0 0.0.0.0/0 icmp echo-reply
>>>> 3 0.0.0.0/0 0.0.0.0/0 tcp 20
>>>> 3 0.0.0.0/0 0.0.0.0/0 tcp 21
>>>> 3 0.0.0.0/0 0.0.0.0/0 tcp 22
>>>> 4 0.0.0.0/0 0.0.0.0/0 all - - - !0
>>>>
>>> Since the traffic originates on the firewall, you need to specify $FW
>>> as the source in tcrules, or it won't mark the traffic.
>>>
>>> Hope that helps!
>>>
>>> ~David
>
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users