[Shorewall-users] route rules

2019-06-10 Thread Vieri Di Paola via Shorewall-users
Hi, My question isn't really shorewall-specific, but I thought it could be of interest to the mailing list. I use shorewall's rtrules file to route to different providers. I also do the same on the command line with:
ip rule del pref 11400
ip rule add pref 11400 from 10.215.144.7 to 10.0.0.0/8

Re: [Shorewall-users] route rules to bind source address to outgoing routes

2015-09-28 Thread Simon Hobson
Brian J. Murrell wrote: > On Sun, 2015-09-27 at 08:46 -0700, Tom Eastep wrote: >> Using SNAT and packet marking, you can do the same thing on your >> router >> with IPv6 as you can with IPv4, AFAIK. I was under the impression that while NAT had originally been defined, it was deprecated ages ag

Re: [Shorewall-users] route rules to bind source address to outgoing routes

2015-09-27 Thread Brian J. Murrell
On Sun, 2015-09-27 at 08:46 -0700, Tom Eastep wrote: > Using SNAT and packet marking, you can do the same thing on your > router > with IPv6 as you can with IPv4, AFAIK. Yes, I had considered that. But the idea of IPv6 eliminating NAT is so magnificent. :-) Cheers, b.

Re: [Shorewall-users] route rules to bind source address to outgoing routes

2015-09-27 Thread Tom Eastep
On 9/27/2015 8:37 AM, Brian J. Murrell wrote: > On Sat, 2015-09-26 at 18:16 -0700, Tom Eastep wrote: > >> I'm afraid that I'm not following you -- the only difference between >> Shorewall's IPv4 and IPv6 support in this area is that IPv4 supports >> multi-hop routes and IPv6 doesn't; and that's a

Re: [Shorewall-users] route rules to bind source address to outgoing routes

2015-09-27 Thread Brian J. Murrell
On Sat, 2015-09-26 at 18:16 -0700, Tom Eastep wrote: > I'm afraid that I'm not following you -- the only difference between > Shorewall's IPv4 and IPv6 support in this area is that IPv4 supports > multi-hop routes and IPv6 doesn't; and that's a kernel limitation. It's not really a technical IPv4

Re: [Shorewall-users] route rules to bind source address to outgoing routes

2015-09-27 Thread Simon Hobson
Brian J. Murrell wrote: > But this really does dovetail with the message I posted prior about > losing the ability to set policy about which ISPs your LAN clients will > use on the Shorewall router when your LAN hosts are fully routed via > multiple providers. The only way I could see getting th

Re: [Shorewall-users] route rules to bind source address to outgoing routes

2015-09-26 Thread Tom Eastep
On 9/26/2015 4:48 PM, Brian J. Murrell wrote: > But this really does dovetail with the message I posted prior about > losing the ability to set policy about which ISPs your LAN clients will > use on the Shorewall router when your LAN hosts are fully routed via > multiple providers. The only way I

Re: [Shorewall-users] route rules to bind source address to outgoing routes

2015-09-26 Thread Brian J. Murrell
On Sat, 2015-09-26 at 14:33 -0700, Tom Eastep wrote: > Here is the way that I do it. My LAN has addresses in network > 2001:470:b:787::/64. > #NAME NUMBER MARK DUPLICATE INTERFACE > GATEWAY > OPTIONS COPY > HE2 4 0x100 -

Re: [Shorewall-users] route rules to bind source address to outgoing routes

2015-09-26 Thread Tom Eastep
On 9/26/2015 2:33 PM, Tom Eastep wrote: > On 9/26/2015 11:50 AM, Brian J. Murrell wrote: >> On Sat, 2015-09-26 at 19:30 +0100, Simon Hobson wrote: >>> Brian J. Murrell wrote: >>> ... there doesn't seem to be any mechanism in place in Shorewall to ensure that packets from the LAN with a s

Re: [Shorewall-users] route rules to bind source address to outgoing routes

2015-09-26 Thread Tom Eastep
On 9/26/2015 11:50 AM, Brian J. Murrell wrote: > On Sat, 2015-09-26 at 19:30 +0100, Simon Hobson wrote: >> Brian J. Murrell wrote: >> >>> ... there doesn't seem to be any mechanism in place in >>> Shorewall to ensure that packets from the LAN with a source IP >>> address >>> in ISP A's address spa

Re: [Shorewall-users] route rules to bind source address to outgoing routes

2015-09-26 Thread Brian J. Murrell
On Sat, 2015-09-26 at 19:30 +0100, Simon Hobson wrote: > Brian J. Murrell wrote: > > > ... there doesn't seem to be any mechanism in place in > > Shorewall to ensure that packets from the LAN with a source IP > > address > > in ISP A's address space are actually directed out of the ISP A > > inte

Re: [Shorewall-users] route rules to bind source address to outgoing routes

2015-09-26 Thread Simon Hobson
Brian J. Murrell wrote: > ... there doesn't seem to be any mechanism in place in > Shorewall to ensure that packets from the LAN with a source IP address > in ISP A's address space are actually directed out of the ISP A > interface. http://www.shorewall.net/manpages6/shorewall6-providers.html

[Shorewall-users] route rules to bind source address to outgoing routes

2015-09-25 Thread Brian J. Murrell
When one has multiple upstream IPv6 (can happen with IPv4 also if you happen to have routable IPv4 space in your LAN from your ISP rather than NATting on a single address -- but this is probably pretty rare) connections, there doesn't seem to be any mechanism in place in Shorewall to ensure that pa