From e042aacd03c5213b0e108553da6625016a78aee2 Mon Sep 17 00:00:00 2001
From: teastep
Date: Wed, 5 Dec 2007 20:07:25 +0000
Subject: [PATCH] Improve Multi-ISP documentation
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@7832 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
docs/MultiISP.xml | 56 +++++++++++++++++++++++++++++++++++++++--------
1 file changed, 47 insertions(+), 9 deletions(-)
diff --git a/docs/MultiISP.xml b/docs/MultiISP.xml
index a83374f7d..ed312825f 100644
--- a/docs/MultiISP.xml
+++ b/docs/MultiISP.xml
@@ -281,6 +281,9 @@ role="bold">"detect" is appropriate for use in cases where the interface named in the INTERFACE column is dynamically configured via DHCP etc. + + The GATEWAY may be omitted (enter '-') for point-to-point + links. 
@@ -474,7 +477,38 @@ What an entry in the Providers File Does Adding another entry in the providers file simply creates an - alternate routing table for you. In addition: + alternate routing table for you. The table will usually contain two + routes: + + + + A host route to the specified GATEWAY through the specified + INTERFACE. + + + + A default route through the GATEWAY. + + + + Note that the first route is omitted if "-" is specified as the + GATEWAY; in that case, the default route does not specify a gateway + (point-to-point link). + + If the DUPLICATE column is non-empty, then routes from the table + named in that column are copied into the new table. By default, all + routes (except default routes) are copied. The set of routes copied can + be restricted using the COPY column which lists the interfaces whose + routes you want copied. You will generally want to include all local + interfaces in this list. You should exclude the loopback interface (lo) + and any interfaces that do not have an IPv4 configuration. You should + also omit interfaces like tun + interfaces that are created dynamically. Traffic to networks handled by + those intefaces should be routed through the main table using entries in + /etc/shorewall/route_rules (see Example 2 below). + + In addition: @@ -968,9 +1002,13 @@ gateway:~ # + - Example 1: You want all traffic entering the firewall on eth1 to - be routed through Comcast. +
+ Examples + + Example 1: You want all traffic + entering the firewall on eth1 to be routed through Comcast. #SOURCE DEST PROVIDER PRIORITY eth1 - Comcast 1000 @@ -991,12 +1029,12 @@ gateway:~ #Note that because we used a priority of 1000, the test for eth1 is inserted before the fwmark tests. - Example 2: You use OpenVPN (routed setup w/tunX) in combination - with multiple providers. In this case you have to set up a rule to - ensure that the OpenVPN traffic is routed back through the tunX - interface(s) rather than through any of the providers. 10.8.0.0/24 is - the subnet choosen in your OpenVPN configuration (server 10.8.0.0 - 255.255.255.0). + Example 2: You use OpenVPN + (routed setup w/tunX) in combination with multiple providers. In this + case you have to set up a rule to ensure that the OpenVPN traffic is + routed back through the tunX interface(s) rather than through any of + the providers. 10.8.0.0/24 is the subnet choosen in your OpenVPN + configuration (server 10.8.0.0 255.255.255.0). #SOURCE DEST PROVIDER PRIORITY - 10.8.0.0/24 main 1000