shorewall_code/Shorewall/providers

95 lines
3.4 KiB
Plaintext
Raw Normal View History

#
# Shorewall version 3.2 - Providers File
#
# /etc/shorewall/providers
#
# This file is used to define additional routing tables. You will
# want to define an additional table if:
#
# - You have connections to more than one ISP or multiple connections
# to the same ISP
#
# - You run Squid as a transparent proxy on a host other than the
# firewall.
#
# To omit a column, enter "-".
#
# Columns are:
#
# NAME The provider name.
#
# NUMBER The provider number -- a number between 1 and 15
#
# MARK A FWMARK value used in your /etc/shorewall/tcrules
# file to direct packets to this provider.
#
# If HIGH_ROUTE_MARKS=Yes in shorewall.conf, then the
# value must between 0x0100 and 0xff00 and the
# low-order byte of the value must be zero. Otherwise,
# the value must be between 1 and 255.
#
# DUPLICATE The name of an existing table to duplicate. May be
# 'main' or the name of a previous provider.
#
# INTERFACE The name of the network interface to the provider.
# Must be listed in /etc/shorewall/interfaces.
#
# GATEWAY The IP address of the provider's gateway router.
#
# You can enter "detect" here and Shorewall will
# attempt to detect the gateway automatically.
#
# OPTIONS A comma-separated list selected from the following:
#
# track If specified, connections FROM this interface are
# to be tracked so that responses may be routed back
# out this same interface.
#
# You want specify 'track' if internet hosts will be
# connecting to local servers through this provider.
#
# balance The providers that have 'balance' specified will
# get outbound traffic load-balanced among them. By
# default, all interfaces with 'balance' specified
# will have the same weight (1). You can change the
# weight of an interface by specifiying balance=<weight>
# where <weight> is the weight of the route out of
# this interface.
#
# loose Normally, Shorewall adds routing rules to prohibit
# firewall marks from working with traffic generated
# on the firewall itself. By setting the 'loose'
# option, generation of these rules is avoided.
#
# COPY A comma-separated lists of other interfaces on your
# firewall. Only makes sense when DUPLICATE is 'main'.
# Only copy routes through INTERFACE and through
# interfaces listed here. If you only wish to copy
# routes through INTERFACE, enter 'none' here.
#
# Example: You run squid in your DMZ on IP address 192.168.2.99. Your DMZ
# interface is eth2
#
# #NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS
# Squid 1 1 - eth2 192.168.2.99 -
#
# Example:
#
# eth0 connects to ISP 1. The IP address of eth0 is 206.124.146.176 and
# the ISP's gateway router has IP address 206.124.146.254.
#
# eth1 connects to ISP 2. The IP address of eth1 is 130.252.99.27 and the
# ISP's gateway router has IP address 130.252.99.254.
#
# eth2 connects to a local network.
#
# #NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS COPY
# ISP1 1 1 main eth0 206.124.146.254 track,balance eth2
# ISP2 2 2 main eth1 130.252.99.254 track,balance eth2
#
# For additional information, see http://shorewall.net/MultiISP.html
#
############################################################################################
#NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS COPY
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE