extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-11-22 15:43:30 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add another example to the route_rules file documentation

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3882 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2006-05-06 18:08:48 +00:00
parent a9772bb576
commit 09c8e32c4a
1 changed files with 12 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
docs/MultiISP.xml
View File

@ -609,7 +609,7 @@ eth1 eth2 130.252.99.27</programlisting>
20000: from 206.124.146.176 lookup Blarg &lt;=== This and the next rule are generated unless 20000: from 206.124.146.176 lookup Blarg &lt;=== This and the next rule are generated unless
20256: from 24.12.22.33 lookup Comcast 'loose' is specified; based in the output of 'ip addr ls' 20256: from 24.12.22.33 lookup Comcast 'loose' is specified; based in the output of 'ip addr ls'
32766: from all lookup main &lt;=== This is the routing table shown by 'iproute -n' 32766: from all lookup main &lt;=== This is the routing table shown by 'iproute -n'
32767: from all lookup default &lt;=== This table is empty 32767: from all lookup default &lt;=== This table is usually empty
gateway:~ #</programlisting> gateway:~ #</programlisting>
<para>In the above example, there are two providers: Blarg and Comcast <para>In the above example, there are two providers: Blarg and Comcast
@ -678,7 +678,7 @@ gateway:~ #</programlisting>
</varlistentry> </varlistentry>
</variablelist> </variablelist>
<para>Example: You want all traffic entering the firewall on eth1 to <para>Example 1: You want all traffic entering the firewall on eth1 to
be routed through Comcast.</para> be routed through Comcast.</para>
<programlisting>#SOURCE DEST PROVIDER PRIORITY <programlisting>#SOURCE DEST PROVIDER PRIORITY
@ -699,6 +699,16 @@ eth1 - Comcast 1000</programlisting>
gateway:~ #</programlisting>Note that because we used a priority of 1000, the gateway:~ #</programlisting>Note that because we used a priority of 1000, the
test for <filename class="devicefile">eth1</filename> is inserted test for <filename class="devicefile">eth1</filename> is inserted
before the fwmark tests.</para> before the fwmark tests.</para>
<para>Example 2: You use OpenVPN (routed setup /tunX) in combination
with multiple providers. In this case you have to set up a rule to
ensure that the OpenVPN traffic is routed back through the tunX
interface(s) rather than through any of the providers. 10.8.0.0/24 is
the subnet choosen in your OpenVPN configuration (server 10.8.0.0
255.255.255.0).</para>
<programlisting>#SOURCE DEST PROVIDER PRIORITY
- 10.8.0.0/24 main 1000</programlisting>
</section> </section>
</section> </section>
</section> </section>