Slava wrote: > > > Sorry, more details > We divide web traffic in several group, each has CONNMARK for example > 0x1...0xN, assigned in output chain after Tproxy-Squid. For incoming > from i-net packets this MARK restored in PREROUTING and traffic go to > IMQ for shaping. DIVERT set his own bit in MARK, in default config > OR 0x200 ( for TC_BITS=16 have 0x20000 ). So (question) on IMQ we have MARK > 0x201...0x20N, and i can't define > classes with such numbers in TCCLASSES. (I return TCRULES to FORMAT 1 > and create divert table and jump to it in START config file and all > work well) >
Okay -- You will have to continue to use that method. The problem is that Shorewall wants to reserve the PREROUTING mangle chain for policy routing whereas IMQ requires setting TC marks in PREROUTING. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
