Re: [Shorewall-users] restructure routing rules

Tue, 15 Jul 2008 12:01:41 -0700 

Jerry Vonau wrote:



Getting the "squid in loc" to work with "loose" took a bit of effort 
but that works now.  Give me a bit, I'll have some config info that 
worked for me if you want.

Please -- I haven't tested that configuration.


Just a quick summary..




providers:
ETH1    1       1       -       $EXTDEV         24.78.192.1  track,balance=10
ETH0    2       2       -       $LOCDEV         $LOCGW           track,balance=1
bal     5       5       -       $LOCDEV         $SQUID           loose  



The squid box is a subject for another thread, two gateway on the same 
lan using ip-aliases on one interface, hence the 10,11 addresses below. 
.10 using the same .1 gateway, while .11 using .75(here) as a gateway.


tcrules:
... old test stuff
1:P     10.3.0.0/24     0.0.0.0/0       all     -       -       -       
1:P     10.3.0.10       0.0.0.0/0       all     -       -       -
2:P     10.3.0.11       0.0.0.0/0       all     -       -       -       
5:P     10.3.0.10       0.0.0.0/0       tcp     -       3128    -       
5:P     10.3.0.11       0.0.0.0/0       tcp     -       3128    -       
5:P     10.3.0.11       0.0.0.0/0       tcp     -       80      -
5:P     10.3.0.0/24     0.0.0.0/0       tcp     80      -       -

And just to hedge my bet, start:


iptables -t mangle -A PREROUTING -i eth0 -d ! 10.3.0.75 -p tcp --dport 
80 -j MARK --set-mark=5



Both the above dport 80 rules appear to be marking, so I'm not sure 
which is working. I'll bet both, just on different chains.



Yes -- I forget now why I recommended that entry in start rather than one in 
tcrules; at the time I wrote that HOWTO, something needed for that rule was 
missing.


I'm still unclear what you had to change to get the Squid stuff working...

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key




Attachment:
signature.asc

Description: OpenPGP digital signature


-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users





























					Reply via email to