search for: routemark

Shorewall 4.5.9.2 is now available for download. Problems Corrected: 1) Previously, the rules in the ''routemark'' chain did not specify a mask in the MARK target. While a mask isn''t strictly necessary in those rules, one has been added to ally fears of those who read the generated ruleset. Note: The ''routemark'' chain is used to apply provider marks to p...

...ts built-in load balacing for free by using the following set of instructions: iptables -t mangle -A PREROUTING -m connmark ! --mark 0/0xFF -j CONNMARK --restore-mark --mask 0xFF iptables -t mangle -A OUTPUT -m connmark ! --mark 0/0xFF -j CONNMARK --restore-mark --mask 0xFF iptables -t mangle -N routemark iptables -t mangle -A PREROUTING -i eth1 -m mark --mark 0/0xFF -j routemark iptables -t mangle -A routemark -i eth1 -j MARK --set-mark 1 iptables -t mangle -A PREROUTING -i eth2 -m mark --mark 0/0xFF -j routemark iptables -t mangle -A routemark -i eth2 -j MARK --set-mark 2 iptables -t mangle -A r...

...ernel scope link src 66.11.173.224 10.8.0.0/24 via 10.8.0.2 dev tun0 10.75.22.0/24 dev br-lan proto kernel scope link src 10.75.22.254 10.75.23.0/24 via 10.8.0.2 dev tun0 67.193.44.0/23 dev eth0.1 proto kernel scope link src 67.193.45.68 default via 67.193.44.1 dev eth0.1 and given a routemark chain of (the first two rules I added manually, but I think this chain is probably irrelevant but thought I''d include it anyway): Chain routemark (2 references) pkts bytes target prot opt in out source destination 0 0 MARK udp -- *...

...1 1 main eth1 192.168.1.1 track,balance Added Default route nexthop via 192.168.1.1 dev eth1 weight 1 Added. iptables v1.2.9: Unknown arg `--mask'' Try `iptables -h'' or ''iptables --help'' for more information. ERROR: Command "/sbin/iptables -t mangle -A routemark -m mark ! --mark 0 -j CONNMARK --save-mark --mask 255" Failed Here are my tcrules and providers file setup :- /etc/shorewall/tcrules /// #MARK SOURCE DEST PROTO PORT(S) CLIENT USER TEST # PORT(S) 1 eth2 0.0.0.0/0 tcp 1863,5050,5190 2 eth3 0.0.0.0/0 tcp 1863,5050,5190 3 eth4...

...Thu Jan 25 11:41:20 GMT 2007 Chain PREROUTING (policy ACCEPT 21911 packets, 7207K bytes) pkts bytes target prot opt in out source destination 215 36310 CONNMARK 0 -- * * 0.0.0.0/0 0.0.0.0/0 CONNMARK match !0x0/0xff CONNMARK restore mask 0xff 648 69251 routemark 0 -- ppp0 * 0.0.0.0/0 0.0.0.0/0 MARK match 0x0/0xff 647 69125 tcpre 0 -- ppp0 * 0.0.0.0/0 0.0.0.0/0 21873 7205K tcpre 0 -- * * 0.0.0.0/0 0.0.0.0/0 MARK match 0x0/0xff00 Chain INPUT (policy ACCEPT 20174 packets, 6867K bytes)...

Hi folks, Has anyone tested the changes to multiple ISPs/load balancing or routestopped in 2.4.0-RC1 yet? We need to talk about what criteria we will use for determining whether 2.4.0 is ready for release. I''ve started configuring a firewall at work with the multiple ISPs support, but its kernel doesn''t have connection marking support, so it''s going to be a couple of

...SMURF_LOG_LEVEL= + DISABLE_IPV6= + BRIDGING= + DYNAMIC_ZONES= + PKTTYPE= + RETAIN_ALIASES= + DELAYBLACKLISTLOAD= + LOGTAGONLY= + LOGALLNEW= + DROPINVALID= + RFC1918_STRICT= + MACLIST_TTL= + SAVE_IPSETS= + RESTOREFILE= + RESTOREBASE= + TMP_DIR= + CROSSBEAM= + CROSSBEAM_BACKBONE= + ALL_INTERFACES= + ROUTEMARK_INTERFACES= + ROUTEMARK=256 + PROVIDERS= + stopping= + have_mutex= + masq_seq=1 + nonat_seq=1 + aliases_to_add= + FUNCTIONS=/usr/share/shorewall/functions + ''['' -f /usr/share/shorewall/functions '']'' + ''['' -n '''' '']'...