From: Tom E. <te...@sh...> - 2005-07-18 20:41:28
Matt N wrote:
>> > My hunch is that it's still some issue with the marked packets not being
>> > routed properly the second time, after they've been through the OUTPUT
>> > chain. However, according to the shorewall documentation here:
>> > http://www.shorewall.net/Shorewall_and_Routing.html , the packets should be
>> > re-routed after being marked in the OUTPUT chain :(
>> >
>> > Could someone confirm to me that packets generated from the firewall can
>> > definitely be routed using fwmarks?
>>
>> How are you marking them in the tcrules file?
>
> I simply put the line:
>
> 1 $FW 0.0.0.0/0 tcp 80
>
> in tcrules
>
> and like I posted earlier, the marking is definitely happening, because
> the packet/byte counts increase for that rule every time I make an
> outgoing HTTP connection from my firewall. However, the routing doesn't
> seem to be affected by the mark...

I just reproduced the problem. Shorewall generates routing rules that ensure that packets with a source IP equal to an IP address on an interface to a provider will be sent via that provider.

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ te...@sh...
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key