Revise USE_DEFAULT_RT and single-interface sections

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8874 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2024-11-21 23:23:13 +01:00 · 2008-11-16 15:02:51 +00:00 · 2008-11-16 15:02:51 +00:00 · da103abe81
commit da103abe81
parent 367ceb179c
1 changed files with 83 additions and 83 deletions
--- a/docs/MultiISP.xml
+++ b/docs/MultiISP.xml
@ -973,6 +973,84 @@ gateway:~ #</programlisting>Note that because we used a priority of 1000, the
      </section>
    </section>

+    <section id="USE_DEFAULT_RT">
+      <title>USE_DEFAULT_RT</title>
+
+      <para>Beginning with Shorewall 4.2.0 Beta3, Shorewall-perl has supported
+      a USE_DEFAULT_RT option in <ulink
+      url="manpages/shorewall.conf.html">shorewall.conf</ulink> (5).</para>
+
+      <para>One of the drawbacks of the Mulit-ISP support as described in the
+      preceding sections is that changes to the main table made by
+      applications are not added to the individual provider tables. This makes
+      route rules such as described in <link linkend="Openvpn">one of the
+      examples above</link> necessary.</para>
+
+      <para>USE_DEFAULT_RT=Yes works around that problem by passing packets
+      through the main table first rather than last. This has a number of
+      implications:</para>
+
+      <orderedlist>
+        <listitem>
+          <para>Both the DUPLICATE and the COPY columns in the providers file
+          must remain empty or contain "-". The individual provider routing
+          tables generated when USE_DEFAULT_RT=Yes contain only a host route
+          to the gateway and a default route via the gateway.</para>
+        </listitem>
+
+        <listitem>
+          <para>The <emphasis role="bold">balance</emphasis> option is assumed
+          for all interfaces that do not have the <emphasis
+          role="bold">loose</emphasis> option. When you want both <emphasis
+          role="bold">balance</emphasis> and <emphasis
+          role="bold">loose</emphasis>, both must be specified.</para>
+        </listitem>
+
+        <listitem>
+          <para>The default route generated by Shorewall is added to the
+          <emphasis>default</emphasis> routing table (253) rather than to the
+          main routing table (254).</para>
+        </listitem>
+
+        <listitem>
+          <para>Packets are sent through the main routing table by a routing
+          rule with priority 999. In ), the priority range 1-998 may be used
+          for inserting rules that bypass the main table.</para>
+        </listitem>
+
+        <listitem>
+          <para>All provider gateways must be specified explicitly in the
+          GATEWAY column. 'detect' may not be specified. Note that for ppp
+          interfaces, the GATEWAY may remain unspecified ("-").</para>
+        </listitem>
+
+        <listitem>
+          <para>You should disable all default route management outside of
+          Shorewall. If a default route is inadvertently added to the main
+          table while Shorewall is started, then all policy routing will stop
+          working except for those routing rules in the priority range
+          1-998.</para>
+        </listitem>
+      </orderedlist>
+
+      <para>Although 'balance' is automatically assumed when
+      USE_DEFAULT_RT=Yes, you can easily cause all traffic to use one provider
+      except when you explicitly direct it to use the other provider via
+      <ulink
+      url="manpages/shorewall-route_rules.html">shorewall-route_rules</ulink>
+      (5) or <ulink
+      url="manpages/shorewall-tcrules.html">shorewall-tcrules</ulink>
+      (5).</para>
+
+      <para>Example (send all traffic through the 'shorewall' provider unless
+      otherwise directed).</para>
+
+      <para>/etc/shorewall/providers:<programlisting>#NAME    NUMBER MARK DUPLICATE INTERFACE GATEWAY       OPTIONS
+linksys       1    1    -        wlan0   172.20.1.1    track,balance=1,optional
+shorewall     2    2    -        eth0    192.168.1.254 track,balance=2,optional</programlisting>/etc/shorewall/route_rules:<programlisting>#SOURCE     DEST      PROVIDER        PRIORITY
+-           -         shorewall       11999</programlisting></para>
+    </section>
+
    <section id="Shared">
      <title>Two Providers Sharing an Interface</title>

@ -1062,12 +1140,12 @@ gateway:~ #</programlisting>Note that because we used a priority of 1000, the
      <para>The local wired network in my office is connected to both gateways
      and uses the private (RFC 1918) network 172.20.1.0/24. The Comcast
      gateway has local IP address 172.20.1.1 while the Avvanta gateway has
-      local IP address 172.20.1.1. Ursa's eth0 interface has a single IP
+      local IP address 172.20.1.254. Ursa's eth0 interface has a single IP
      address (172.20.1.130).</para>

      <para>This configuration uses USE_DEFAULT_RT=Yes in
      <filename>shorewall.conf </filename>(see <link
-      linkend="USE_DEFAULT_RT">below</link>).</para>
+      linkend="USE_DEFAULT_RT">above</link>).</para>

      <para>Here is the <filename>providers</filename> file:</para>

@ -1103,8 +1181,8 @@ wireless       3        3    -         wlan0                172.20.1.1   track,o
        </listitem>

        <listitem>
-          <para>The <emphasis role="bold">wireless</emphasis> provider is
-          never used when the laptop is connected to the wired network.</para>
+          <para>I always disable the <emphasis role="bold">wireless</emphasis>
+          interface when the laptop is connected to the wired network.</para>
        </listitem>

        <listitem>
@ -1172,83 +1250,5 @@ wlan0                   192.168.0.0/24</programlisting><note>
          don't need to specify the providers in the masq rules.</para>
        </note></para>
    </section>
-
-    <section id="USE_DEFAULT_RT">
-      <title>USE_DEFAULT_RT</title>
-
-      <para>Beginning with Shorewall 4.2.0 Beta3, Shorewall-perl has supported
-      a USE_DEFAULT_RT option in <ulink
-      url="manpages/shorewall.conf.html">shorewall.conf</ulink> (5).</para>
-
-      <para>One of the drawbacks of the Mulit-ISP support as described in the
-      preceding section is that changes to the main table made by applications
-      are not added to the individual provider tables. This makes route rules
-      such as described in <link linkend="Openvpn">one of the examples
-      above</link> necessary.</para>
-
-      <para>USE_DEFAULT_RT=Yes works around that problem by passing packets
-      through the main table first rather than last. This has a number of
-      implications:</para>
-
-      <orderedlist>
-        <listitem>
-          <para>Both the DUPLICATE and the COPY columns in the providers file
-          must remain empty or contain "-". The individual provider routing
-          tables generated when USE_DEFAULT_RT=Yes contain only a host route
-          to the gateway and a default route via the gateway.</para>
-        </listitem>
-
-        <listitem>
-          <para>The <emphasis role="bold">balance</emphasis> option is assumed
-          for all interfaces that do not have the <emphasis
-          role="bold">loose</emphasis> option. When you want both <emphasis
-          role="bold">balance</emphasis> and <emphasis
-          role="bold">loose</emphasis>, both must be specified.</para>
-        </listitem>
-
-        <listitem>
-          <para>The default route generated by Shorewall is added to the
-          <emphasis>default</emphasis> routing table (253) rather than to the
-          main routing table (254).</para>
-        </listitem>
-
-        <listitem>
-          <para>Packets are sent through the main routing table by a routing
-          rule with priority 999. In ), the priority range 1-998 may be used
-          for inserting rules that bypass the main table.</para>
-        </listitem>
-
-        <listitem>
-          <para>All provider gateways must be specified explicitly in the
-          GATEWAY column. 'detect' may not be specified. Note that for ppp
-          interfaces, the GATEWAY may remain unspecified ("-").</para>
-        </listitem>
-
-        <listitem>
-          <para>You should disable all default route management outside of
-          Shorewall. If a default route is inadvertently added to the main
-          table while Shorewall is started, then all policy routing will stop
-          working except for those routing rules in the priority range
-          1-998.</para>
-        </listitem>
-      </orderedlist>
-
-      <para>Although 'balance' is automatically assumed when
-      USE_DEFAULT_RT=Yes, you can easily cause all traffic to use one provider
-      except when you explicitly direct it to use the other provider via
-      <ulink
-      url="manpages/shorewall-route_rules.html">shorewall-route_rules</ulink>
-      (5) or <ulink
-      url="manpages/shorewall-tcrules.html">shorewall-tcrules</ulink>
-      (5).</para>
-
-      <para>Example (send all traffic through the 'shorewall' provider unless
-      otherwise directed).</para>
-
-      <para>/etc/shorewall/providers:<programlisting>#NAME    NUMBER MARK DUPLICATE INTERFACE GATEWAY       OPTIONS
-linksys       1    1    -        wlan0   172.20.1.1    track,balance=1,optional
-shorewall     2    2    -        eth0    192.168.1.254 track,balance=2,optional</programlisting>/etc/shorewall/rules:<programlisting>#SOURCE     DEST      PROVIDER        PRIORITY
-           -         shorewall       11999</programlisting></para>
-    </section>
  </section>
-</article>
+</article>