mirror of
https://gitlab.com/shorewall/code.git
synced 2025-01-03 03:59:16 +01:00
Update Multi-ISP example
Signed-off-by: Tom Eastep <teastep@shorewall.net>
parent
b45c9bd0d2
commit
589e048086
@ -2536,7 +2536,7 @@ wlan0 192.168.0.0/24</programlisting><note>
|
|||||||
<section id="Complete">
|
<section id="Complete">
|
||||||
<title>A Complete Working Example</title>
|
<title>A Complete Working Example</title>
|
||||||
|
|
||||||
<para>This section describes the network at shorewall.net in late 2012.
|
<para>This section describes the network at shorewall.net in late 2013.
|
||||||
The configuration is as follows:</para>
|
The configuration is as follows:</para>
|
||||||
|
|
||||||
<itemizedlist>
|
<itemizedlist>
|
||||||
@ -2571,7 +2571,7 @@ wlan0 192.168.0.0/24</programlisting><note>
|
|||||||
|
|
||||||
<para>The network is pictured in the following diagram:</para>
|
<para>The network is pictured in the following diagram:</para>
|
||||||
|
|
||||||
<graphic fileref="images/Network2012a.png" />
|
<graphic fileref="images/Network2013.png" />
|
||||||
|
|
||||||
<section>
|
<section>
|
||||||
<title>IPv4 Configuration</title>
|
<title>IPv4 Configuration</title>
|
||||||
@ -2707,17 +2707,18 @@ dmz ip #LXC Containers</programlisting>
|
|||||||
<para><filename>/etc/shorewall/interfaces</filename>:</para>
|
<para><filename>/etc/shorewall/interfaces</filename>:</para>
|
||||||
|
|
||||||
<programlisting>#ZONE INTERFACE OPTIONS
|
<programlisting>#ZONE INTERFACE OPTIONS
|
||||||
loc INT_IF dhcp,physical=$INT_IF,required,wait=5,routefilter,nets=172.20.1.0/24
|
loc INT_IF dhcp,physical=$INT_IF,ignore=1,wait=5,routefilter,nets=172.20.1.0/24,routeback
|
||||||
net COMB_IF optional,sourceroute=0,routefilter=0,arp_ignore=1,proxyarp=0,physical=$COMB_IF,upnp,nosmurfs,tcpflags
|
net COMB_IF optional,sourceroute=0,routefilter=0,arp_ignore=1,proxyarp=0,physical=$COMB_IF,upnp,nosmurfs,tcpflags
|
||||||
net COMC_IF optional,sourceroute=0,routefilter=0,arp_ignore=1,proxyarp=0,physical=$COMC_IF,upnp,nosmurfs,tcpflags,dhcp
|
net COMC_IF optional,sourceroute=0,routefilter=0,arp_ignore=1,proxyarp=0,physical=$COMC_IF,upnp,nosmurfs,tcpflags,dhcp
|
||||||
vpn TUN_IF+ physical=tun+,ignore=1
|
vpn TUN_IF+ physical=tun+,ignore=1
|
||||||
dmz br0 routeback,proxyarp=1
|
dmz br0 routeback,proxyarp=1,required,wait=30
|
||||||
- lo ignore</programlisting>
|
</programlisting>
|
||||||
|
|
||||||
<para><filename>/etc/shorewall/hosts:</filename></para>
|
<para><filename>/etc/shorewall/hosts:</filename></para>
|
||||||
|
|
||||||
<programlisting>#ZONE HOST(S) OPTIONS
|
<programlisting>#ZONE HOST(S) OPTIONS
|
||||||
smc COMB_IF:10.1.10.0/24</programlisting>
|
smc COMB_IF:10.1.10.0/24
|
||||||
|
smc COMC_IF:10.0.0.0/24</programlisting>
|
||||||
|
|
||||||
<para><filename>/etc/shorewall/providers</filename>:</para>
|
<para><filename>/etc/shorewall/providers</filename>:</para>
|
||||||
|
|
||||||
@ -2746,26 +2747,26 @@ Squid 3 - - lo - tproxy
|
|||||||
70.90.191.121 - ComcastB 1000
|
70.90.191.121 - ComcastB 1000
|
||||||
70.90.191.123 - ComcastB 1000
|
70.90.191.123 - ComcastB 1000
|
||||||
&COMC_IF - ComcastC 1000
|
&COMC_IF - ComcastC 1000
|
||||||
172.20.1.145 - ComcastC 1000
|
br0 - ComcastB 11000
|
||||||
172.20.1.146 - ComcastC 1000
|
172.20.1.191 - ComcastB 1000
|
||||||
br0 - ComcastB 11000</programlisting>
|
</programlisting>
|
||||||
|
|
||||||
<para>For reference, this configuration generates these routing
|
<para>For reference, this configuration generates these routing
|
||||||
rules:</para>
|
rules:</para>
|
||||||
|
|
||||||
<programlisting>root@gateway:~# ip rule ls
|
<programlisting>root@gateway:~# ip rule ls
|
||||||
0: from all lookup local
|
0: from all lookup local
|
||||||
999: from all lookup main
|
1: from all fwmark 0x80000/0x80000 lookup TProxy
|
||||||
1000: from 70.90.191.121 lookup ComcastB
|
999: from all lookup main
|
||||||
1000: from 70.90.191.123 lookup ComcastB
|
1000: from 70.90.191.121 lookup ComcastB
|
||||||
1000: from 67.170.121.6 lookup ComcastC
|
1000: from 70.90.191.123 lookup ComcastB
|
||||||
1000: from 172.20.1.145 lookup ComcastC
|
1000: from 172.20.1.191 lookup ComcastB
|
||||||
1000: from 172.20.1.146 lookup ComcastC
|
1000: from 10.0.0.4 lookup ComcastC
|
||||||
10000: from all fwmark 0x10000/0x30000 lookup ComcastB
|
10000: from all fwmark 0x10000/0x30000 lookup ComcastB
|
||||||
10001: from all fwmark 0x20000/0x30000 lookup ComcastC
|
10001: from all fwmark 0x20000/0x30000 lookup ComcastC
|
||||||
11000: from all iif br0 lookup ComcastB
|
11000: from all iif br0 lookup ComcastB
|
||||||
32765: from all lookup balance
|
32765: from all lookup balance
|
||||||
32767: from all lookup default
|
32767: from all lookup default
|
||||||
root@gateway:~# </programlisting>
|
root@gateway:~# </programlisting>
|
||||||
|
|
||||||
<para><filename>/etc/shorewall/tcrules</filename> is not used to support
|
<para><filename>/etc/shorewall/tcrules</filename> is not used to support
|
||||||
|
BIN
docs/images/Network2013.dia
Executable file
BIN
docs/images/Network2013.dia
Executable file
Binary file not shown.
BIN
docs/images/Network2013.png
Executable file
BIN
docs/images/Network2013.png
Executable file
Binary file not shown.
After Width: | Height: | Size: 98 KiB |