James Gray wrote: > > Ok, that makes sense - and explains why you separated the > routing/filtering with the HIGH_ROUTE_MARKS options. Now, suppose I > replace my provider marks with 0x100 and 0x200, instead of 1 and 2 > respectively (and set HIGH_ROUTE_MARKS=Yes), the tcrules file would > look the same except for the first 3 PREROUTING rules right? Like this: > > #MARK SOURCE DEST PROTO DEST SOURCE USER TEST LENGTH TOS > # PORT PORT > # Route default traffic to ISP2 > 0x200:P $ANY_IP > > # Route traffic to ISP1 > 0x100:P $LAN_NETWORK $ANY_IP tcp 22 > 0x100:P $LAN_NETWORK $ANY_IP tcp 80,443
Yes. > > No problem. Once I have this in and working, I'll put some "put flange > 'A' into slot 'B' type instructions" ;) > Great. Thanks, -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
