Floating rules: gateway does not discriminate rules
-
Hi
I'm trying to "tag" rules by relying on their gateway:
My setup has 2 WAN and 4 LAN. Traffic is routed correctly from LAN to internet by selectively choosing gateways. But I want to add download limiters. So in floating rules I applied "match" rules to add dummynet limiters.
When traffic goes through GW_SDSL I want to limit traffic with LimitDown_SDSL/LimitUp_SDSL
When traffic goes through GW_ADSL I want to limit traffic with LimitDown_ADSL/LimitUp_ADSL
By grepping in /tmp/rules.debug, here are my rules:
match in on { lagg0_vlan10 lagg0_vlan100 lagg0_vlan15 lagg0_vlan2900 } inet proto tcp from $LOCAL_NETS to ! $LOCAL_NETS port $Ports_web tracker 1482858566 flags S/SA dnpipe ( 3,4) label "USER_RULE: LimitDown_SDSL"
match in on { lagg0_vlan10 lagg0_vlan100 lagg0_vlan15 lagg0_vlan2900 } inet proto tcp from $LOCAL_NETS to ! $LOCAL_NETS port $Ports_web tracker 1482469877 flags S/SA dnpipe ( 1,2) label "USER_RULE: LimitDown_ADSL"
First remark: the chosen GW does not appear in the match rule.
Second remark: I remember that the last matching rule in the floating tab wins. But traffic is limited every time by the last of the two rules, as if the gateway was ignored. To sum up: in the floating rules, the gateway does not discriminate rules or is ignored.
Do I have to understand that "gateway" is not a matching criterion, but a way to set a particular gateway for traffic?
-
Should that topic be moved to another forum subsection?
Firewalling
Traffic Shaping
I'm not sure that it's in the best place for the moment, since it concerns firewalling, shaping, and multiwan…