Floating rules: gateway does not discriminate rules



  • Hi

    I'm trying to "tag" rules by relying on their gateway:
    My setup has 2 WAN and 4 LAN. Traffic is routed correctly from LAN to internet by selectively choosing gateways.

    But: I want to add download limiters. So in floating rules I applied "match" rules to add dummynet limiters.
    When traffic goes through GW_SDSL I want to limit traffic with LimitDown_SDSL/LimitUp_SDSL
    When traffic goes through GW_ADSL I want to limit traffic with LimitDown_ADSL/LimitUp_ADSL
    By grepping in /tmp/rules.debug, here are my rules:

    match  in  on {  lagg0_vlan10  lagg0_vlan100  lagg0_vlan15  lagg0_vlan2900  } inet proto tcp  from $LOCAL_NETS to ! $LOCAL_NETS port $Ports_web tracker 1482858566 flags S/SA  dnpipe ( 3,4)  label "USER_RULE: LimitDown_SDSL"
    match  in  on {  lagg0_vlan10  lagg0_vlan100  lagg0_vlan15  lagg0_vlan2900  } inet proto tcp  from $LOCAL_NETS to ! $LOCAL_NETS port $Ports_web tracker 1482469877 flags S/SA  dnpipe ( 1,2)  label "USER_RULE: LimitDown_ADSL"
    

    First remark: the chosen GW does not appear in the match rule.
    2nd remark: I remember that the last matching rule in the floating tab wins. But traffic is limited every time by the last of the two rules, as if the gateway was ignored.

    To sum up: in the floating rules, the gateway does not discriminate rules or is ignored.
    Do I have to understand that "gateway" is not a matching criterion, but a way to set a particular gateway for traffic?
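
A check on the two lines quoted in the post above, as an added example that is not part of the original thread: it strips the per-rule options (`tracker`, `dnpipe`, `label`), compares what remains, and looks for pf's `route-to` policy-routing keyword. The function names are hypothetical; the rule text is copied from the post.

```python
import re

# The two lines quoted in the post (from /tmp/rules.debug), copied verbatim.
RULES = [
    'match  in  on {  lagg0_vlan10  lagg0_vlan100  lagg0_vlan15  lagg0_vlan2900  } '
    'inet proto tcp  from $LOCAL_NETS to ! $LOCAL_NETS port $Ports_web '
    'tracker 1482858566 flags S/SA  dnpipe ( 3,4)  label "USER_RULE: LimitDown_SDSL"',
    'match  in  on {  lagg0_vlan10  lagg0_vlan100  lagg0_vlan15  lagg0_vlan2900  } '
    'inet proto tcp  from $LOCAL_NETS to ! $LOCAL_NETS port $Ports_web '
    'tracker 1482469877 flags S/SA  dnpipe ( 1,2)  label "USER_RULE: LimitDown_ADSL"',
]

DNPIPE = re.compile(r'dnpipe\s*\(\s*(\d+)\s*(?:,\s*(\d+)\s*)?\)')
LABEL = re.compile(r'label\s+"([^"]*)"')
TRACKER = re.compile(r'tracker\s+\d+')
ROUTE_TO = re.compile(r'\broute-to\b')  # pf keyword for policy routing

def criteria(rule):
    """Rule text minus tracker/dnpipe/label, whitespace collapsed."""
    for pat in (TRACKER, DNPIPE, LABEL):
        rule = pat.sub(' ', rule)
    return ' '.join(rule.split())

def summarize(rule):
    """Extract label, limiter pipe numbers and whether a gateway is referenced."""
    pipes = DNPIPE.search(rule)
    label = LABEL.search(rule)
    return {
        'label': label.group(1) if label else None,
        'dnpipe': tuple(int(n) for n in pipes.groups() if n) if pipes else None,
        'route_to': bool(ROUTE_TO.search(rule)),
    }

def identical_criteria_groups(rules):
    """Group rules whose remaining text (the match criteria) is identical."""
    groups = {}
    for rule in rules:
        groups.setdefault(criteria(rule), []).append(summarize(rule))
    return [g for g in groups.values() if len(g) > 1]

if __name__ == '__main__':
    for group in identical_criteria_groups(RULES):
        print('Same match criteria, differing only in limiter/label:')
        for s in group:
            print(f"  {s['label']}: dnpipe={s['dnpipe']} route-to={s['route_to']}")
```

On the quoted lines this reports a single group: both rules have the same match criteria and neither contains `route-to`, which is the situation the post describes.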



  • Should this topic be moved to another forum subsection?
    Firewalling
    Traffic Shaping

    I'm not sure that it's in the best place for the moment, since it concerns firewalling, shaping, and multiwan…

