From f33287f1b48a0b3ae7a93e1a26a12c769428c955 Mon Sep 17 00:00:00 2001 From: teastep Date: Mon, 4 Sep 2006 14:45:19 +0000 Subject: [PATCH] Move Multi-ISP/routefilter information to FAQ git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4511 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- docs/FAQ.xml | 38 ++++++++++++++++++++++++++++++++++++++ docs/MultiISP.xml | 37 +++++-------------------------------- 2 files changed, 43 insertions(+), 32 deletions(-) diff --git a/docs/FAQ.xml b/docs/FAQ.xml index c007e5e14..9c2df5de4 100644 --- a/docs/FAQ.xml +++ b/docs/FAQ.xml @@ -1620,6 +1620,44 @@ iptables: Invalid argument +
+ Multiple ISPs + +
+ (FAQ 57) I configured two ISPs in Shorewall but when I try to use + the second one, it doesn't work. + + Answer: The Multi-ISP + Documentation strongly recommends that you use the 'balance' option on + all providers even if you want to manually specify which ISP to use. If + you don't do that so that your main routing table only has one default + route, then you must disable route filtering. Do not specify the + 'routefilter' option on the other interface(s) in + /etc/shorewall/interfaces and disable any + IP Address Spoofing protection that your + distribution supplies. +
+ +
+ (FAQ 58) But if I specify 'balance' then won't Shorewall balance + the traffic between the interfaces? I don't want that! + + Answer: Suppose that you want all + traffic to go out through ISP1 (mark 1) unless you specify otherwise; + your internal interface is eth0. + Then simply add these two rules as the first marking rules in your + /etc/shorewall/tcrules file: + + #MARK SOURCE DEST +1 eth0 +1 $FW +<other MARK rules> + + Now any traffic that isn't marked by one of your other MARK rules + will have mark = 1 and will be sent via ISP1. +
+
+
About Shorewall diff --git a/docs/MultiISP.xml b/docs/MultiISP.xml index ebee02da2..b236f7267 100644 --- a/docs/MultiISP.xml +++ b/docs/MultiISP.xml @@ -336,36 +336,9 @@ specify 'balance' even if you don't need it. You can still use entries in /etc/shorewall/tcrules to force traffic to one provider or another. - There will be those of you who will say "Those - idiots at shorewall.net don't understand. I don't want - my traffic balanced so I'm not going to set the - 'balance' option!" If you are one of those users, then - if you can't get your second interface to work, check - the mailing list archives -- there have been others - before you who also thought that we were fools. - - "Oh Tom -- I don't understand how to use - /etc/shorewall/tcrules to avoid - balancing if I set 'balance' on my interfaces". - - I know -- that is only slightly less complex - than brain surgery but let me try to - explain: - - Your first tcrule should mark all traffic so - that it will go out through the "default" - provider. - - - - Your remaining rules should be the "exception" - rules that mark traffic to go out the other - providers. - - - - I hope that you are not overwelmed by these - intricate instructions. + If you don't heed this advice then be prepared + to read FAQ 57 and + FAQ 58. @@ -377,7 +350,7 @@ reported that this change has corrected similar problems. - The SUSE 10.0 kernel is subject to this problem, and + The SuSE 10.0 kernel is subject to this problem, and a kernel oops may result in this circumstance. @@ -807,4 +780,4 @@ gateway:~ #Note that because we used a priority of 1000, the
- + \ No newline at end of file
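Review bot: In the FAQ 57 answer added to docs/FAQ.xml, the advice to leave 'routefilter' off "the other interface(s)" and to "disable any IP Address Spoofing protection that your distribution supplies" does not say which interfaces are meant or what protection is given up. Suggest naming the interfaces (the provider interfaces, if that is the intent), saying plainly that this removes spoofing protection on them, and restating that setting 'balance' on all providers avoids the need to disable it. The sentence "If you don't do that so that your main routing table only has one default route" is also hard to parse; "If you don't, and your main routing table therefore has only one default route, ..." would read more clearly.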
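Review bot: In the docs/MultiISP.xml hunk at @@ -336, the replacement sentence "If you don't heed this advice then be prepared to read FAQ 57 and FAQ 58" fits FAQ 57 but not FAQ 58, which is written for readers who do set 'balance' and then want to avoid balancing. Suggest keeping only FAQ 57 in the warning and referring to FAQ 58 from the preceding sentence about using /etc/shorewall/tcrules to force traffic to one provider.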
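Review bot: The "SUSE 10.0" to "SuSE 10.0" change in the docs/MultiISP.xml hunk at @@ -377 is a spelling change that the subject "Move Multi-ISP/routefilter information to FAQ" does not cover. Suggest moving it to its own commit or mentioning it in the commit message, and checking that the chosen spelling matches the rest of the document.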
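Review bot: The last hunk of docs/MultiISP.xml (@@ -807) ends with "\ No newline at end of file" after the added line, so the new version of the file has no trailing newline. If the final line is otherwise unchanged, suggest restoring the newline so this hunk drops out of the patch.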