From 210be98cdc457c0195c5d5571558d4e08212ae1a Mon Sep 17 00:00:00 2001 From: teastep Date: Mon, 4 Sep 2006 16:23:21 +0000 Subject: [PATCH] Tweak FAQs 57 and 58 git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4516 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- docs/FAQ.xml | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/docs/FAQ.xml b/docs/FAQ.xml index 9c2df5de4..a031195c3 100644 --- a/docs/FAQ.xml +++ b/docs/FAQ.xml @@ -1628,11 +1628,12 @@ iptables: Invalid argument the second one, it doesn't work. Answer: The Multi-ISP - Documentation strongly recommends that you use the 'balance' option on - all providers even if you want to manually specify which ISP to use. If - you don't do that so that your main routing table only has one default - route, then you must disable route filtering. Do not specify the - 'routefilter' option on the other interface(s) in + Documentation strongly recommends that you use the balance option on all providers even if you want + to manually specify which ISP to use. If you don't do that so that your + main routing table only has one default route, then you must disable + route filtering. Do not specify the routefilter option on the other interface(s) in /etc/shorewall/interfaces and disable any IP Address Spoofing protection that your distribution supplies. @@ -1649,12 +1650,13 @@ iptables: Invalid argument /etc/shorewall/tcrules file: #MARK SOURCE DEST -1 eth0 -1 $FW +1:P eth0 +1:P $FW <other MARK rules> Now any traffic that isn't marked by one of your other MARK rules - will have mark = 1 and will be sent via ISP1. + will have mark = 1 and will be sent via ISP1. That will work whether + balance is specified or not!