Hi all !!

I have two internet links.

I would like to mark and route all p2p and junk traffic with a second link (not the default).

Can I use shorewall for it ?

Thanks in advance.

roberto

--
Ing. Roberto Pereyra
ContenidosOnline
Yes of course ! With tcrules

JFE

-----Original Message-----
From: shorewall-users-bounces@lists.sourceforge.net [mailto:shorewall-users-bounces@lists.sourceforge.net] On behalf of Roberto Pereyra
Sent: Wednesday, 18 October 2006 14:17
To: shorewall-users@lists.sourceforge.net
Subject: [Shorewall-users] route all p2p traffic with another link

> Hi all !!
>
> I have two internet links.
>
> I would like to mark and route all p2p and junk traffic with a second
> link (not the default).
>
> Can I use shorewall for it ?
>
> Thanks in advance.
>
> roberto
Roberto Pereyra wrote:
> Hi all !!
>
> I have two internet links.
>
> I would like to mark and route all p2p and junk traffic with a second
> link (not the default).
>
> Can I use shorewall for it ?
>

Yes and no.

For that P2P traffic that you can identify up front by protocol and port, you can create marking rules and route the traffic accordingly. For P2P traffic identified by ipp2p, in general you cannot change the routing.

Let's take a look at why (and this really has nothing to do with Shorewall).

Suppose that you have two internet connections to two different ISPs. The external IP addresses are a.b.c.d and w.x.y.z for the links to ISP1 and ISP2 respectively. Further suppose that you use SNAT/MASQUERADE through both interfaces to allow your internal clients internet access. Suppose that you want P2P traffic routed out through ISP2 and all other traffic out through ISP1.

If internal system 192.168.4.22 establishes a connection to TCP port 80 at i.j.k.l, that connection is routed out of ISP1. So the system at i.j.k.l accepts a connection from a.b.c.d. If later on, the ipp2p module discovers that this connection is later a P2P connection, what happens if it suddenly switches the connection to ISP2? Now, we will be sending packets with source IP a.b.c.d out through the link to ISP2. Since that isn't an address assigned to you by ISP2, that ISP can reasonably ignore (drop) that traffic. But even if ISP2 doesn't drop the traffic, only the outbound part of the connection would go through ISP2 -- traffic from i.j.k.l to a.b.c.d will continue to be handled by ISP1.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
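Added example, not part of the original thread: a small Python model of the dual-ISP gateway described in the reply above, showing a connection marked on its first packet next to one reclassified mid-stream. The uplink addresses (standing in for a.b.c.d and w.x.y.z), the remote host, the P2P port set, the mark values and the assumption that ISP2 drops packets whose source address it did not assign are all constructed for illustration.

```python
from dataclasses import dataclass

# Constructed documentation addresses standing in for a.b.c.d and w.x.y.z.
UPLINKS = {"ISP1": "198.51.100.10", "ISP2": "203.0.113.20"}
P2P_PORTS = {6881, 6882}                 # assumed ports known up front
MARK_TO_LINK = {0: "ISP1", 2: "ISP2"}    # assumed mark 2 selects ISP2


@dataclass
class Conn:
    mark: int = 0
    snat_ip: str = ""   # fixed by the first packet, like a conntrack NAT binding


class Gateway:
    def __init__(self):
        self.conntrack = {}

    def send(self, src, dst, dport, late_p2p_match=False):
        """Return (egress_link, source_ip_on_wire, accepted_by_isp, reply_link)."""
        key = (src, dst, dport)
        conn = self.conntrack.get(key)
        if conn is None:
            # First packet: mark by port, pick the link, bind the SNAT address.
            conn = Conn(mark=2 if dport in P2P_PORTS else 0)
            conn.snat_ip = UPLINKS[MARK_TO_LINK[conn.mark]]
            self.conntrack[key] = conn
        elif late_p2p_match:
            # Payload classification (ipp2p-style) fires mid-connection:
            # the mark changes, the existing NAT binding does not.
            conn.mark = 2
        link = MARK_TO_LINK[conn.mark]
        # Assumption: each ISP only forwards source addresses it assigned.
        accepted = conn.snat_ip == UPLINKS[link]
        # Replies are addressed to the SNAT address, so they return via its ISP.
        reply_link = next(n for n, ip in UPLINKS.items() if ip == conn.snat_ip)
        return link, conn.snat_ip, accepted, reply_link


if __name__ == "__main__":
    gw = Gateway()
    print(gw.send("192.168.4.22", "192.0.2.80", 6881))   # marked on first packet
    print(gw.send("192.168.4.22", "192.0.2.80", 80))     # starts on ISP1
    print(gw.send("192.168.4.22", "192.0.2.80", 80, late_p2p_match=True))
```
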
Thanks to all for the help !!

roberto

--
Ing. Roberto Pereyra
ContenidosOnline