Can I force traffic down a specific ISP using classification more reliably than with plain marking?

As per my last thread (Multi-ISP+ Traffic Shaping) I am having trouble in a multi-ISP setup forcing specific traffic down one ISP or the other. Ideally with a catchall for any unmarked/unclassified traffic.

From the way I read http://shorewall.net/3.0/traffic_shaping.htm using classification should enable me to define the outbound interface as well as the traffic shaping rules that should be applied. Is that the correct interpretation? For instance, if I have:

tcdevices:

    #INTERFACE  IN-BANDWITH   OUT-BANDWIDTH
    $NET_IF1    $NET_IF1_IN   $NET_IF1_OUT
    $NET_IF2    $NET_IF2_IN   $NET_IF2_OUT

tcclasses:

    #INTERFACE  MARK  RATE        CEIL        PRIORITY  OPTIONS
    # First ISP - ADSL2+ with a quota
    $NET_IF1    10    full        full        1         tcp-ack,tos-minimize-delay
    $NET_IF1    20    6*full/10   9*full/10   2
    $NET_IF1    30    3*full/10   6*full/10   3         default
    # Second ISP - ADSL1 without a quota
    $NET_IF2    40    full        full        4         tcp-ack,tos-minimize-delay
    $NET_IF2    50    6*full/10   9*full/10   5         default

tcrules:

    #MARK   SOURCE         DEST     PROTO  DEST     SOURCE  USER  TEST  LENGTH  TOS
    #                                      PORT     PORT
    # Catchall rules - anything unclassified gets the unmetered (slow) link
    2:150   $ANY_IP
    # The rest of the rules
    2:150   $LAN_NETWORK   $ANY_IP  udp    $GAMES
    2:150   $LAN_NETWORK   $ANY_IP  tcp    $GAMES
    2:150   $LAN_NETWORK   $ANY_IP  udp    $P2P
    2:150   $LAN_NETWORK   $ANY_IP  tcp    $P2P
    2:150   $LAN_NETWORK   $ANY_IP  udp    $IM
    2:150   $LAN_NETWORK   $ANY_IP  tcp    $IM
    2:150   $LAN_NETWORK   $ANY_IP  tcp    $ALLMAIL
    2:140   $LAN_NETWORK   $ANY_IP  tcp    $STREAM
    1:130   $LAN_NETWORK   $ANY_IP  tcp    nntp
    1:130   $DMZ1_NETWORK  $ANY_IP  tcp    $ALLMAIL
    1:120   $LAN_NETWORK   $ANY_IP  tcp    $FTP
    1:120   $LAN_NETWORK   $ANY_IP  tcp    $WWW
    1:120   $LAN_NETWORK   $ANY_IP  tcp    ssh      -       -     -     513:
    1:110   $LAN_NETWORK   $ANY_IP  tcp    domain
    1:110   $LAN_NETWORK   $ANY_IP  udp    domain
    1:110   $LAN_NETWORK   $ANY_IP  tcp    ssh      -       -     -     0:512

Is that a better way of over-riding (forcing) the routing?

I know the classification step occurs in the POSTROUTING chain which makes me doubt the success of this approach (above). However, I can't seem to implement BOTH multi-ISP routing *AND* traffic shaping.

In my last thread, Jerry Vonau suggested using the interface mark in the PREROUTING chain to send the traffic down one ISP or the other.
This worked, but didn't implement traffic shaping :( Consequently, our SSH sessions all went to hell :-/

So if Jerry was 1/2 right, then maybe I need to specify the shaping in a second set of tcrules like this (using the same tcclasses and tcdevices above):

    # Force ssh down ISP1
    1:P     $LAN_NETWORK   $ANY_IP  tcp    ssh
    ...
    # Make sure ssh has priority on ISP1
    10      $LAN_NETWORK   $ANY_IP  tcp    ssh

Any further insight would be very much appreciated.

Cheers,
James
