Christian Vieser wrote: > Tom wrote: > >>> Is there a "shorewall way" to solve this problem? > >> > >> I would start with http://www.shorewall.net/MultiISP.html. > >> Sounds like the "track" option may solve this. > > > > I agree that this is another case where 'track' should help. > > I'm sorry, but I found no hint in the MultiISP documentation for solving my > problem. All providers are configured with options "track,balance" and get > a different MARK value. As I understood, the standard connection tracking > is based on incoming traffic (perhaps better to say: external initiated > traffic). > But with ftps I have two connections initiated by myself. Of course, I > could > insert a rule in tcrules pointing all traffic to one provider, but the > result would > be the same as my route pinning now: If the chosen provider is down, I have > to manually change the routing rule. > > So, the question is: When the first connection is established, how can I > mark > all further connections (from the origin of the connection or to the > destination > of the connection) to use the same provider, as long as the first > connection > stays established?
Try using the 'SAME' MARK/CLASSIFY target in a tcrule that specifies the ftps client's address in the SOURCE column. Note that this is yet one more reason to prefer sftp over ftps. Netfilter can't relate ftps control and data connections, so it can't transfer the control connection's mark to related data connections as it does with unencrypted ftp. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Come build with us! The BlackBerry(R) Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9 - 12, 2009. Register now! http://p.sf.net/sfu/devconference
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
