From 09c8e32c4a63875e2581f6fd6ae853695469a5ad Mon Sep 17 00:00:00 2001
From: teastep
Date: Sat, 6 May 2006 18:08:48 +0000
Subject: [PATCH] Add another example to the route_rules file documentation
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3882 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 docs/MultiISP.xml | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/docs/MultiISP.xml b/docs/MultiISP.xml
index 0f4c2eddd..658d29ebf 100644
--- a/docs/MultiISP.xml
+++ b/docs/MultiISP.xml
@@ -609,7 +609,7 @@ eth1 eth2 130.252.99.27
 20000: from 206.124.146.176 lookup Blarg <=== This and the next rule are generated unless
 20256: from 24.12.22.33 lookup Comcast 'loose' is specified; based in the output of 'ip addr ls'
 32766: from all lookup main <=== This is the routing table shown by 'iproute -n'
-32767: from all lookup default <=== This table is empty
+32767: from all lookup default <=== This table is usually empty
 gateway:~ # In the above example, there are two providers: Blarg and Comcast
@@ -678,7 +678,7 @@ gateway:~ #
- Example: You want all traffic entering the firewall on eth1 to
+ Example 1: You want all traffic entering the firewall on eth1 to
 be routed through Comcast. #SOURCE DEST PROVIDER PRIORITY
@@ -699,6 +699,16 @@ eth1 - Comcast 1000 gateway:~ #Note that because we used a priority of 1000, the test for eth1 is inserted before the fwmark tests.
+
+ Example 2: You use OpenVPN (routed setup /tunX) in combination with multiple providers. In this case you have to set up a rule to ensure that the OpenVPN traffic is routed back through the tunX interface(s) rather than through any of the providers. 10.8.0.0/24 is the subnet choosen in your OpenVPN configuration (server 10.8.0.0 255.255.255.0).
+
+ #SOURCE DEST PROVIDER PRIORITY
+- 10.8.0.0/24 main 1000