2 NICS - local services not shaping correctly | |
| [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] | |
|
Hi Having a problem trying to figure out how to shape local
services running on the debian box (asterisk, squid etc) as currently the voice
only seems to be getting shaped one way when making external calls. For
example I have the rules below (these are the matching rules only not the
actual policy rules): #Create Chain for local traffic (outbound) /sbin/iptables -t mangle -A match-all
-m physdev --physdev-in eth0 -s 193.xxx.xxx.66 -d 193.xxx.xxx.69 -j MARK
--set-mark 0x44444445 /sbin/iptables -t mangle -A match-all
-m physdev --physdev-in eth0 -s 193.xxx.xxx.66 -d 193.xxx.xxx.69 -j RETURN /sbin/iptables -t mangle -A match-all
-m physdev --physdev-in eth0 -s 193.xxx.xxx.69 -d 193.xxx.xxx.66 -j MARK --set-mark
0x44444445 /sbin/iptables
-t mangle -A match-all -m physdev --physdev-in eth0 -s 193.xxx.xxx.69 -d 193.xxx.xxx.66
-j RETURN #Create Chain for all remaining traffic (outbound) /sbin/iptables -t mangle -A match-all
-m physdev --physdev-in eth0 -j MARK --set-mark 0x44444446 /sbin/iptables
-t mangle -A match-all -m physdev --physdev-in eth0 -j RETURN #Phones match (outbound) /sbin/iptables -t mangle -A match-chain-eth1-1:11
-p tcp -m multiport --port 4569 -j CLASSIFY --set-class 1:1006 /sbin/iptables -t mangle -A match-chain-eth1-1:11
-p tcp -m multiport --port 4569 -j RETURN /sbin/iptables -t mangle -A match-chain-eth1-1:11
-p udp -m multiport --port 4569 -j CLASSIFY --set-class 1:1006 /sbin/iptables
-t mangle -A match-chain-eth1-1:11 -p udp -m multiport --port 4569 -j RETURN #Create Chain for local traffic (inbound) /sbin/iptables -t mangle -A match-all
-m physdev --physdev-in eth1 -s 193.xxx.xxx.66 -d 193.xxx.xxx.69 -j MARK
--set-mark 0x44444447 /sbin/iptables -t mangle -A match-all
-m physdev --physdev-in eth1 -s 193.xxx.xxx.66 -d 193.xxx.xxx.69 -j RETURN /sbin/iptables -t mangle -A match-all
-m physdev --physdev-in eth1 -s 193.xxx.xxx.69 -d 193.xxx.xxx.66 -j MARK
--set-mark 0x44444447 /sbin/iptables
-t mangle -A match-all -m physdev --physdev-in eth1 -s 193.xxx.xxx.69 -d 193.xxx.xxx.66
-j RETURN #Create Chain for all remaining traffic (inbound) /sbin/iptables -t mangle -A match-all
-m physdev --physdev-in eth1 -j MARK --set-mark 0x44444448 /sbin/iptables
-t mangle -A match-all -m physdev --physdev-in eth1 -j RETURN #Phones match (inbound) /sbin/iptables -t mangle -A match-chain-eth0-1:12
-p tcp -m multiport --port 4569 -j CLASSIFY --set-class 1:2008 /sbin/iptables -t mangle -A match-chain-eth0-1:12
-p tcp -m multiport --port 4569 -j RETURN /sbin/iptables -t mangle -A match-chain-eth0-1:12
-p udp -m multiport --port 4569 -j CLASSIFY --set-class 1:2008 /sbin/iptables
-t mangle -A match-chain-eth0-1:12 -p udp -m multiport --port 4569 -j RETURN Kind Regards William Bohannan |
_______________________________________________ LARTC mailing list LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc