I was previously using multiple providers on my "real linux" gateway which had a kernel that supported high marks and I was policy routing in tcrules. I've now moved to openwrt where their kernel apparently does not have high marks.
I want to continue to be able to have multiple providers and a) policy route between them and b) be able to set marks for other things like traffic shaping. I can see that iptables is quite capable of both setting and matching marks with masks, so I was thinking that I could just use, say, the two high order bits of the mark (technically I only need the one high order bit as I only have two providers, but provider marks seem to need to be 1-5).

Or do I need to do any of this? If I want to policy route in tcrules with:

    64:P 0.0.0.0/0 64 $FW

And then I want to further use marking for, say, traffic shaping, if I write a mark in the FORWARD chain with something like:

    # Ping (a silly rule to prove that shaping works)
    1 0.0.0.0/0 0.0.0.0/0 icmp echo-request
    1 0.0.0.0/0 0.0.0.0/0 icmp echo-reply

Does it matter that it will overwrite the "64" mark? The routing decision (i.e. ip rule) is done by then, isn't it? If it does, I have to fall back to being able to write that one but with a mask of 0x3f:

    # Ping (a silly rule to prove that shaping works)
    1/0x3f 0.0.0.0/0 0.0.0.0/0 icmp echo-request
    1/0x3f 0.0.0.0/0 0.0.0.0/0 icmp echo-reply

But then the question becomes, can an ip rule be written to only look at the fwmark with a mask, and can shaping rules be done to do the same?

Thoughts?

b.

--
My other computer is your Microsoft Windows server.

Brian J. Murrell
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
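
The mark layout asked about in the message above, worked through as an added example that is not part of the original post. It models the documented bit arithmetic of iptables `MARK --set-mark value/mask` and of an `ip rule ... fwmark value/mask` selector in plain Python; the 0xc0 provider mask, the table names isp1/isp2 and the helper names are assumptions made for illustration.

```python
# Added illustration: models packet-mark bit arithmetic only; it does not touch netfilter.
FULL = 0xFFFFFFFF      # mask assumed when a spec carries no "/mask"
PROVIDER_MASK = 0xC0   # assumed layout: two high-order bits of an 8-bit mark
CLASS_MASK = 0x3F      # low six bits, the 0x3f mask from the post

def parse_spec(spec):
    """Parse 'value[/mask]' (decimal or 0x hex); a missing mask means all bits."""
    value, _, mask = spec.partition("/")
    return int(value, 0), (int(mask, 0) if mask else FULL)

def set_mark(mark, spec):
    """MARK --set-mark value/mask: zero the bits in mask, then OR in value."""
    value, mask = parse_spec(spec)
    return ((mark & ~mask) | value) & FULL

def matches(mark, spec):
    """fwmark value/mask selector: compare only the bits covered by mask."""
    value, mask = parse_spec(spec)
    return (mark & mask) == (value & mask)

def route_table(mark, rules, default="main"):
    """Return the table of the first rule whose fwmark selector matches."""
    for spec, table in rules:
        if matches(mark, spec):
            return table
    return default

def walk(writes, rules):
    """Apply mark writes in order; return the final mark and the table it selects."""
    mark = 0
    for spec in writes:
        mark = set_mark(mark, spec)
    return mark, route_table(mark, rules)

# Constructed sample rules: the table names are hypothetical.
RULES = [("0x40/0xc0", "isp1"), ("0x80/0xc0", "isp2")]

if __name__ == "__main__":
    # Unmasked class write, masked class write, both writes masked.
    for writes in (["64", "1"], ["64", "1/0x3f"], ["64/0xc0", "1/0x3f"]):
        mark, table = walk(writes, RULES)
        print(writes, hex(mark), table)
    # A shaping match on class 1 needs the mask once provider bits are set.
    print(matches(0x41, "1"), matches(0x41, "1/0x3f"))
```

An unmasked write of 1 leaves no provider bits for any mark match evaluated afterwards, while the masked write keeps both fields readable as long as every later match also carries its mask.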
