Jerry Vonau wrote: > Mike wrote: >> > Something is weird with this mail client.. had to copy & paste >> Mike wrote: >> I have tried the following for some test until Glenn and I try passing Tos >> bit through openvpn with the passtos directive which seems to be supported >> now with openvpn. In my case here there is traffic from >> 10.19.227.18 which is a pbs phone box with h323 udp traffic for voip and >> Remote Desktop 3389 no other traffic but these two above. >> When you state "And you probably also want to give the open VPN traffic >> itself (usually UDP 1194) a boost on the external interface." >> Would the two rules work below >> 2:11 10.19.227.18 0.0.0.0/0 ALL >> 3:11 10.19.227.18 0.0.0.0/0 ALL >> > I think Tom is referring to openvpn traffic carried on port 1194 > between the firewalls. That source would be the external interface and > not the phone box. I'm not quite up-to-date on the Qos stuff, but I > think the rule would look like: > 2:11 $FW 0.0.0.0/0 udp 1194 > 3:11 $FW 0.0.0.0/0 udp 1194
Need to place the interface name in the DEST column 2:11 $FW eth0 udp 1194 3:11 $FW eth1 udp 1194 I haven't had time to follow this thread closely so I don't know if only one of those needs to be there (you only need it on the external interface(s) that handle(s) the VPN traffic). -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- SF.Net email is sponsored by: Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users