2006-04-02 17:23:01 +02:00
|
|
|
#
|
2006-10-05 02:04:59 +02:00
|
|
|
# Shorewall version 3.3 - route_rules File
|
2006-04-02 17:23:01 +02:00
|
|
|
#
|
2006-04-14 19:10:14 +02:00
|
|
|
# /etc/shorewall/route_rules
|
2006-04-02 17:23:01 +02:00
|
|
|
#
|
|
|
|
# Entries in this file cause traffic to be routed to one of the
|
|
|
|
# providers listed in /etc/shorewall/providers.
|
|
|
|
#
|
|
|
|
# Columns are:
|
|
|
|
#
|
2006-05-02 19:10:50 +02:00
|
|
|
# SOURCE(optional)
|
|
|
|
# An ip address (network or host) that
|
2006-04-04 00:35:13 +02:00
|
|
|
# matches the source IP address in a packet.
|
|
|
|
# May also be specified as an interface
|
|
|
|
# name optionally followed by ":" and an
|
|
|
|
# address. If the device 'lo' is specified,
|
|
|
|
# the packet must originate from the firewall
|
|
|
|
# itself.
|
|
|
|
#
|
|
|
|
# DEST(optional) An ip address (network or host) that
|
|
|
|
# matches the destination IP address in a packet.
|
|
|
|
#
|
|
|
|
# If you choose to omit either SOURCE or DEST,
|
|
|
|
# place "-" in that column. Note that you
|
|
|
|
# may not omit both SOURCE and DEST.
|
|
|
|
#
|
2006-04-02 17:23:01 +02:00
|
|
|
# PROVIDER The provider to route the traffic through.
|
|
|
|
# May be expressed either as the provider name
|
2006-05-06 19:24:57 +02:00
|
|
|
# or the provider number. May also be 'main'
|
2006-05-06 19:56:27 +02:00
|
|
|
# or 254 for the main routing table. This can
|
|
|
|
# be used in combination with VPN tunnels, see
|
|
|
|
# example 2 below.
|
2006-04-02 17:23:01 +02:00
|
|
|
#
|
|
|
|
# PRIORITY
|
|
|
|
# The rule's priority which determines the order
|
|
|
|
# in which the rules are processed.
|
|
|
|
#
|
|
|
|
# 1000-1999 Before Shorewall-generated
|
|
|
|
# 'MARK' rules
|
|
|
|
#
|
|
|
|
# 11000- 11999 After 'MARK' rules but before
|
|
|
|
# Shorewall-generated rules for
|
|
|
|
# ISP interfaces.
|
|
|
|
#
|
|
|
|
# 26000-26999 After ISP interface rules but
|
|
|
|
# before 'default' rule.
|
|
|
|
#
|
|
|
|
# Rules with equal priority are applied in
|
|
|
|
# the order in which they appear in the file.
|
|
|
|
#
|
2006-05-06 19:56:27 +02:00
|
|
|
# Example 1: You want all traffic coming in on eth1 to be routed to the ISP1
|
2006-04-02 17:23:01 +02:00
|
|
|
# provider:
|
|
|
|
#
|
2006-04-04 00:35:13 +02:00
|
|
|
# #SOURCE DEST PROVIDER PRIORITY
|
|
|
|
# eth1 - ISP1 1000
|
2006-04-02 17:23:01 +02:00
|
|
|
#
|
2006-05-06 19:56:27 +02:00
|
|
|
# Example 2: You use OpenVPN (routed setup /tunX) in combination with multiple
|
|
|
|
# providers. In this case you have to set up a rule to ensure that
|
|
|
|
# the OpenVPN traffic is routed back through the tunX interface(s)
|
|
|
|
# rather than through any of the providers. 10.8.0.0/24 is the
|
|
|
|
# subnet choosen in your OpenVPN configuration (server 10.8.0.0
|
|
|
|
# 255.255.255.0)
|
|
|
|
#
|
|
|
|
# #SOURCE DEST PROVIDER PRIORITY
|
2006-05-06 19:56:49 +02:00
|
|
|
# - 10.8.0.0/24 main 1000
|
2006-05-06 19:56:27 +02:00
|
|
|
#
|
2006-04-02 17:23:01 +02:00
|
|
|
# For additional information, see http://www.shorewall.net/MultiISP.html
|
|
|
|
##############################################################################
|
2006-04-04 00:35:13 +02:00
|
|
|
#SOURCE DEST PROVIDER PRIORITY
|
2006-04-02 17:23:01 +02:00
|
|
|
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
|