On Tue, 2008-07-01 at 11:59 -0700, Tom Eastep wrote:
>
> Consider the case of a transparent Squid proxy in the local net.

Indeed. This is one use-case I've never played with. I'm surprised to discover that it's achieved using a "provider", but can see how/why.

> The
> recommended rule there is
>
> #NAME   NUMBER  MARK    DUPLICATE       INTERFACE       GATEWAY         OPTIONS
> Squid   1       202     -               eth1            192.168.1.3     loose
>
> Packets with mark 202 are sent to 192.168.1.3 regardless of the destination
> IP address. Under the new scheme (I'm currently calling the option
> ROUTING_NG), packets with mark 202 are sent to 192.168.1.3 *only if there is
> no route to the destination IP address in the main routing table*.

Indeed, because the packet needs to pass through the main table before it will get to a provider table.

> So the new behavior is definitely different and incompatible with the old
> behavior.

I wonder if a new field (yeah, not terribly desirable, but we are proposing removing a field at the same time) to the providers table to flag whether the provider is subject to the main table or overrides it.

b.
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
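Added example, not part of the original thread and not Shorewall code: a small model of the two lookup orders discussed above, listing which marked destinations would stop reaching the transparent proxy once the main table is consulted first. Only mark 202 and gateway 192.168.1.3 come from the thread; the table contents, the sample destinations and the function names are constructed assumptions.

```python
import ipaddress

# Constructed sample tables: (prefix, next hop). Only the Squid gateway
# 192.168.1.3 and mark 202 come from the thread; the rest is assumed.
MAIN = [("192.168.1.0/24", "direct via eth1"),
        ("192.168.2.0/24", "direct via eth2")]
SQUID = [("0.0.0.0/0", "192.168.1.3")]
PROVIDER_TABLES = {202: SQUID}


def lookup(table, dst):
    """Longest-prefix match; returns the next hop, or None if no route."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, hop in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, hop)
    return best[1] if best else None


def route(dst, mark, main_first, main=MAIN):
    """Next hop for a marked packet under either table ordering."""
    provider = PROVIDER_TABLES.get(mark, [])
    order = [main, provider] if main_first else [provider, main]
    for table in order:
        hop = lookup(table, dst)
        if hop is not None:
            return hop
    return None


def bypassed(dsts, mark=202, main=MAIN):
    """Destinations proxied under the old order but not when main goes first."""
    return [d for d in dsts
            if route(d, mark, False, main) == "192.168.1.3"
            and route(d, mark, True, main) != "192.168.1.3"]


if __name__ == "__main__":
    samples = ["203.0.113.10", "192.168.2.10"]
    for d in samples:
        print(d, "| provider first:", route(d, 202, False),
              "| main first:", route(d, 202, True))
    print("no longer proxied:", bypassed(samples))
```

In this model, a default route left in the main table means no marked packet ever reaches the proxy under the main-first order, which is the case a per-provider override flag would have to cover.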