thr3ads.net - LARTC - 2 NICS - local services not shaping correctly [Oct 2007]

If this information is useful, please help other people find it:
Share via:

William Bohannan

2007-Oct-30 09:16 UTC

2 NICS - local services not shaping correctly

Hi

Having a problem trying to figure out how to shape local services
running on the debian box (asterisk, squid etc) as currently the voice
only seems to be getting shaped one way when making external calls.  For
example I have the rules below (these are the matching rules only not
the actual policy rules):

 

#Create Chain for local traffic (outbound)

/sbin/iptables -t mangle -A match-all -m physdev --physdev-in eth0 -s
193.xxx.xxx.66 -d 193.xxx.xxx.69 -j MARK --set-mark 0x44444445

/sbin/iptables -t mangle -A match-all -m physdev --physdev-in eth0 -s
193.xxx.xxx.66 -d 193.xxx.xxx.69 -j RETURN

/sbin/iptables -t mangle -A match-all -m physdev --physdev-in eth0 -s
193.xxx.xxx.69 -d 193.xxx.xxx.66 -j MARK --set-mark 0x44444445

/sbin/iptables -t mangle -A match-all -m physdev --physdev-in eth0 -s
193.xxx.xxx.69 -d 193.xxx.xxx.66 -j RETURN

 

#Create Chain for all remaining traffic (outbound)

/sbin/iptables -t mangle -A match-all -m physdev --physdev-in eth0 -j
MARK --set-mark 0x44444446

/sbin/iptables -t mangle -A match-all -m physdev --physdev-in eth0 -j
RETURN

 

#Phones match (outbound)

/sbin/iptables -t mangle -A match-chain-eth1-1:11 -p tcp -m multiport
--port 4569 -j CLASSIFY --set-class 1:1006

/sbin/iptables -t mangle -A match-chain-eth1-1:11 -p tcp -m multiport
--port 4569 -j RETURN

/sbin/iptables -t mangle -A match-chain-eth1-1:11 -p udp -m multiport
--port 4569 -j CLASSIFY --set-class 1:1006

/sbin/iptables -t mangle -A match-chain-eth1-1:11 -p udp -m multiport
--port 4569 -j RETURN

 

#Create Chain for local traffic (inbound)

/sbin/iptables -t mangle -A match-all -m physdev --physdev-in eth1 -s
193.xxx.xxx.66 -d 193.xxx.xxx.69 -j MARK --set-mark 0x44444447

/sbin/iptables -t mangle -A match-all -m physdev --physdev-in eth1 -s
193.xxx.xxx.66 -d 193.xxx.xxx.69 -j RETURN

/sbin/iptables -t mangle -A match-all -m physdev --physdev-in eth1 -s
193.xxx.xxx.69 -d 193.xxx.xxx.66 -j MARK --set-mark 0x44444447

/sbin/iptables -t mangle -A match-all -m physdev --physdev-in eth1 -s
193.xxx.xxx.69 -d 193.xxx.xxx.66 -j RETURN

 

#Create Chain for all remaining traffic (inbound)

/sbin/iptables -t mangle -A match-all -m physdev --physdev-in eth1 -j
MARK --set-mark 0x44444448

/sbin/iptables -t mangle -A match-all -m physdev --physdev-in eth1 -j
RETURN

 

#Phones match (inbound)

/sbin/iptables -t mangle -A match-chain-eth0-1:12 -p tcp -m multiport
--port 4569 -j CLASSIFY --set-class 1:2008

/sbin/iptables -t mangle -A match-chain-eth0-1:12 -p tcp -m multiport
--port 4569 -j RETURN

/sbin/iptables -t mangle -A match-chain-eth0-1:12 -p udp -m multiport
--port 4569 -j CLASSIFY --set-class 1:2008

/sbin/iptables -t mangle -A match-chain-eth0-1:12 -p udp -m multiport
--port 4569 -j RETURN

 

Kind Regards

William Bohannan

 



_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Maybe Matching Threads

Search for more reasonably related threads

LARTC - Oct 2007 - 2 NICS - local services not shaping correctly

2 NICS - local services not shaping correctly

Maybe Matching Threads

Wisdom of the Ancients