Miguel Ángel Domínguez Durán
2005-Feb-25 07:18 UTC
Traffic control in a bridge/firewall machine
Hi everyone,

I don't know if you remember me, but I had a problem with a machine performing bridge (bridge-utils) and firewall (shorewall) duties. I wanted to control traffic in this machine using iproute2 and the tc command with the tcstart and tcrules files in the shorewall configuration. My machine hung when I used my traffic control script that way, but I found a solution :)

The key is to use a script (not tcstart or tcrules) which contains iptables commands with "-m physdev --physdev-in <interface>". It works great!

Hope it helps someone!

Kind regards,
Miguel Ángel Domínguez Durán.
Technical Department.
Cherrytel Comunicaciones, S.L.
mdominguez@cherrytel.com
http://www.cherrytel.com/
Tlf. 902 115 673
Fax 952218170
Miguel Ángel Domínguez Durán wrote:
> The key is to use a script (not tcstart or tcrules) which contains
> iptables commands with "-m physdev --physdev-in <interface>". It works
> great!

If you put the name of a bridge port in the SOURCE column of /etc/shorewall/tcrules, that is exactly the type of rule that will be generated (if you are running a suitably recent version of Shorewall). That's what I was trying to tell you a week or more ago but apparently I didn't make myself clear. Sorry...

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
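The approach discussed in this thread, as an added example that is not from either poster and is not Shorewall's generated output: a dry-run generator that prints a physdev-based mark rule and the tc commands that classify on that mark. The function name `emit_rules`, the use of the mangle PREROUTING chain, the HTB layout and any port names, mark values and rates passed to it are assumptions for illustration.

```shell
#!/bin/sh
# Added example: prints the commands for review, does not execute them.
# Usage (hypothetical values): emit_rules eth1 eth0 1 512kbit

# emit_rules IN_PORT OUT_PORT MARK RATE
emit_rules() {
    in_port=$1 out_port=$2 mark=$3 rate=$4

    # Accept only plain interface names, a non-zero numeric mark and a tc
    # rate token, because the output is meant to be fed to a root shell.
    for ifname in "$in_port" "$out_port"; do
        case $ifname in
            ''|*[!A-Za-z0-9_.-]*) echo "bad interface: $ifname" >&2; return 1 ;;
        esac
    done
    case $mark in ''|0|*[!0-9]*) echo "bad mark: $mark" >&2; return 1 ;; esac
    case $rate in ''|*[!0-9a-z]*) echo "bad rate: $rate" >&2; return 1 ;; esac

    # Mark traffic by the bridge port it arrived on. With bridged traffic,
    # -i sees the bridge device itself, so the port is matched with physdev.
    echo "iptables -t mangle -A PREROUTING -m physdev --physdev-in $in_port -j MARK --set-mark $mark"

    # Shape on the port the traffic leaves through, classifying by fwmark.
    echo "tc qdisc add dev $out_port root handle 1: htb"
    echo "tc class add dev $out_port parent 1: classid 1:$mark htb rate $rate"
    echo "tc filter add dev $out_port parent 1: protocol ip prio 1 handle $mark fw flowid 1:$mark"
}

# Run as a script with four arguments to print the commands.
if [ "$#" -eq 4 ]; then
    emit_rules "$@"
fi
```

Review the printed commands before piping them to a root shell; the mark value must match between the iptables rule and the tc `fw` filter or the traffic falls through unclassified.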