2 NICS - local services not shaping correctly

Linux Advanced Routing and Traffic Control


 



Hi

Having a problem trying to figure out how to shape local services running on the Debian box (Asterisk, Squid, etc.), as currently the voice only seems to be getting shaped one way when making external calls. For example, I have the rules below (these are the matching rules only, not the actual policy rules):

 

#Create Chain for local traffic (outbound)

/sbin/iptables -t mangle -A match-all -m physdev --physdev-in eth0 -s 193.xxx.xxx.66 -d 193.xxx.xxx.69 -j MARK --set-mark 0x44444445

/sbin/iptables -t mangle -A match-all -m physdev --physdev-in eth0 -s 193.xxx.xxx.66 -d 193.xxx.xxx.69 -j RETURN

/sbin/iptables -t mangle -A match-all -m physdev --physdev-in eth0 -s 193.xxx.xxx.69 -d 193.xxx.xxx.66 -j MARK --set-mark 0x44444445

/sbin/iptables -t mangle -A match-all -m physdev --physdev-in eth0 -s 193.xxx.xxx.69 -d 193.xxx.xxx.66 -j RETURN

 

#Create Chain for all remaining traffic (outbound)

/sbin/iptables -t mangle -A match-all -m physdev --physdev-in eth0 -j MARK --set-mark 0x44444446

/sbin/iptables -t mangle -A match-all -m physdev --physdev-in eth0 -j RETURN

 

#Phones match (outbound)

/sbin/iptables -t mangle -A match-chain-eth1-1:11 -p tcp -m multiport --port 4569 -j CLASSIFY --set-class 1:1006

/sbin/iptables -t mangle -A match-chain-eth1-1:11 -p tcp -m multiport --port 4569 -j RETURN

/sbin/iptables -t mangle -A match-chain-eth1-1:11 -p udp -m multiport --port 4569 -j CLASSIFY --set-class 1:1006

/sbin/iptables -t mangle -A match-chain-eth1-1:11 -p udp -m multiport --port 4569 -j RETURN

 

#Create Chain for local traffic (inbound)

/sbin/iptables -t mangle -A match-all -m physdev --physdev-in eth1 -s 193.xxx.xxx.66 -d 193.xxx.xxx.69 -j MARK --set-mark 0x44444447

/sbin/iptables -t mangle -A match-all -m physdev --physdev-in eth1 -s 193.xxx.xxx.66 -d 193.xxx.xxx.69 -j RETURN

/sbin/iptables -t mangle -A match-all -m physdev --physdev-in eth1 -s 193.xxx.xxx.69 -d 193.xxx.xxx.66 -j MARK --set-mark 0x44444447

/sbin/iptables -t mangle -A match-all -m physdev --physdev-in eth1 -s 193.xxx.xxx.69 -d 193.xxx.xxx.66 -j RETURN

 

#Create Chain for all remaining traffic (inbound)

/sbin/iptables -t mangle -A match-all -m physdev --physdev-in eth1 -j MARK --set-mark 0x44444448

/sbin/iptables -t mangle -A match-all -m physdev --physdev-in eth1 -j RETURN

 

#Phones match (inbound)

/sbin/iptables -t mangle -A match-chain-eth0-1:12 -p tcp -m multiport --port 4569 -j CLASSIFY --set-class 1:2008

/sbin/iptables -t mangle -A match-chain-eth0-1:12 -p tcp -m multiport --port 4569 -j RETURN

/sbin/iptables -t mangle -A match-chain-eth0-1:12 -p udp -m multiport --port 4569 -j CLASSIFY --set-class 1:2008

/sbin/iptables -t mangle -A match-chain-eth0-1:12 -p udp -m multiport --port 4569 -j RETURN

 

Kind Regards

William Bohannan

 

_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
