Tom Eastep wrote: > On Fri, 2007-08-17 at 13:30 +1000, James Gray wrote: >> Can I force traffic down a specific ISP using classification more >> reliably than with plain marking? > > Classification has absolutely nothing to do with ISP selection. It > rather selects a class for traffic shaping but the traffic must be going > to that interface already (as a result of marking/routing).
Yep - that's what I thought too (classification happens in POSTROUTING so the route selection has already been made). So I am still stuck with the original problem: I can't get specific traffic (layer 4) to be routed down a specific ISP. Marking didn't work (in the FORWARD chain), and marking a packet with the provider mark in PREROUTING seems to bypass the traffic shaping. So three questions: 1. If I mark a packet with the provider's mark, rather than the mark in tcclasses, what happens (specifically with regard to shaping)? 2. What is the purpose of having a tcclasses mark associate with an interface, if you can't guarantee the packets with that mark go out the specified interface? (Or can you?) 3. If I can't force traffic down an particular ISP with a tcrule mark or a provider mark, should I be doing this in the route_rules? (But route_rules doesn't provide for layer 4 matching). Maybe I've been looking at this too long :( Thanks in advance, James ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
