I was given direction from Charles Steinkuehler on my question, but I am still not clear on how to implement the routing rules in /etc/network/interfaces, or what specific rules to set since my case is slightly different from what is recommended at the documentation site.
I am looking at the following URL from what was suggested: http://lartc.org/howto/lartc.rpdb.multiple-links.html

Going from their model, I have something more like this that I not only need to set up, but test and verify it works on the wire before we down production equipment and move it to a new location:

                                                                 _______
                                       +-----------------+      /
                                       | Provider 1      |     |
                          +------------+ 66.114.33.64/30 +----
                          |            | gw 66.114.34.65 |   /
+-----------------+ +----------------+ +-----------------+  |
| DMZ via Prov.1  +-|eth2       eth0 |                     /
| 66.114.34.92/30 | |                |                     |
+-----------------+ |  Linux Router  |                     |  Internet
                    |                |                     |
+-----------------+ |                |                     \
| Lcl NAT via Prv2| |                |                      |
| 192.168.2.0/24  +-+eth1       eth3 |                      \
+-----------------+ +-----+----------+ +-----------------+   \
                          |            | Provider 2      |    |
                          +------------+ 192.168.1.0/24  +------\
                                       | gw 192.168.1.254|       \_______
                                       +-----------------+

I note /etc/iproute2/rt_tables, which on my machine has the following as a default on my existing router:

#
# reserved values
#
255     local
254     main
253     default
0       unspec
#
# local
#
1       inr.ruhep

The only 'inbound' traffic from the net comes from Provider 1 to the DMZ. I suspect I need to add tables to rt_tables, for which the following names would be useful to match my shorewall names:

Eth0    net
Eth1    lcl
Eth2    dmz
Eth3    cbl

So am I correct to comment out 'inr.ruhep' and append the following to rt_tables?

1       net
2       lcl
3       dmz
4       cbl

It then looks like I need to do the 'ip route add default via ....' commands, and they should be in ifup. I have /etc/network/if-up.d with no example scripts inside it. Their example also has commands for me to see what the route tables look like. However, I need the routes added as part of LEAF on startup, and the 'show' commands are a separate issue of debugging what I'm trying to accomplish.
For all their instructions, and my reading of http://www.linuxhorizon.ro/iproute2.html, I am still not clear *where* and *how* to set up a script that will automatically send all traffic coming over eth1 out eth3, excluding traffic directed at eth2's network. Their example doesn't appear to refer to a 'dmz' situation, and I'm not clear if I can put the route mapping in /etc/network/interfaces or /etc/network/if-up.d, and how to format it.

What would you suggest for this case? I feel like my brain is trying to climb up the down escalator.

It appears I do not need to change Shorewall unless I want special behavior, such as 'outbound port 80 always goes out cbl interface'. I want no special behavior until I am completely confident about this general behavior.

Thank you.

--Romaq