Beta 4 is now available for testing.

Problems Corrected:

1)  Previously, if USE_DEFAULT_RT=Yes and 'loose' was specified on all
    providers, then no routing rule targeting the main routing table
    was generated. This has been corrected so that USE_DEFAULT_RT=Yes
    always results in such a rule at priority 999.

New Features:

1)  Note: While the PROBABILITY column in the tcrules file has been
    retained, the following feature is much easier to use than the
    method documented in the 4.5.0 Beta 3 release notes.

    An alternative to the balance=<weight> option in the providers file
    is now available. This alternative works when there are multiple
    links to the same ISP where both links use an Ethernet interface
    (as opposed to PPPoE) and have the same default gateway.

    As part of this change, the generated firewall script now
    automatically maintains the
    /var/lib/shorewall[6][-lite]/interface.status files used by SWPING
    and by LSM.

    See http://www.shorewall.net/MultiISP.html#load for additional
    information.

    Example that sends 1/3 of the connections to the ComcastC provider
    and the rest to ComcastB:

    /etc/shorewall/shorewall.conf:

    MARK_IN_FORWARD_CHAIN=No
    ...
    USE_DEFAULT_RT=Yes

    /etc/shorewall/providers:

    #NAME    NUMBER MARK DUP  INTERFACE GATEWAY       OPTIONS
    ComcastB 1      -    -    eth1      70.90.191.126\
                                          loose,balance,load=0.66666667
    ComcastC 2      -    -    eth0      67.170.120.1\
                                          loose,fallback,load=0.33333333

    Note: The 'loose' option is specified so that the compiler will not
          generate any rules based on interface IP addresses. That way
          we have complete control over the priority of such rules
          through entries in the rtrules file.

    /etc/shorewall/rtrules:

    #SOURCE             DEST  PROVIDER  PRIORITY
    70.90.191.120/29    -     ComcastB  1000
    &eth0               -     ComcastC  1000

    Note: eth0 has a dynamic address, so &eth0 is used in the SOURCE
          column.

    Note: Priority = 1000 means that these rules will come before rules
          that select a provider based on marks.

2)  The Shorewall files in /etc/default and /etc/sysconfig now support
    two new options that affect how '/etc/init.d/shorewall start'
    and '/etc/init.d/shorewall restart' behave:

    STARTOPTIONS   -- options to the start command.
    RESTARTOPTIONS -- options to the restart command.

    For example, if you always want 'start' to flush the conntrack
    table, then you would have:

           STARTOPTIONS="-p"

Thank you for testing,
-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
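
Added example, not part of the original announcement and not Shorewall code: a small pre-deployment check for the load= entries shown under New Features 1. It parses a providers file (including '\' continuation lines) and reports load values that are out of range or do not add up. The function names are hypothetical, and the rule that the loads should sum to 1 is an assumption taken from the example above (0.66666667 + 0.33333333).

```python
from decimal import Decimal

# Constructed sample: the providers entries from the example in this message.
SAMPLE = r"""
#NAME    NUMBER MARK DUP  INTERFACE GATEWAY       OPTIONS
ComcastB 1      -    -    eth1      70.90.191.126\
                                      loose,balance,load=0.66666667
ComcastC 2      -    -    eth0      67.170.120.1\
                                      loose,fallback,load=0.33333333
"""

COLUMNS = ("name", "number", "mark", "dup", "interface", "gateway", "options")

def parse_providers(text):
    """Return one dict per provider entry, joining '\\' continuation lines."""
    entries, pending = [], ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if line.endswith("\\"):                # entry continues on next line
            pending += line[:-1]
            continue
        fields = (pending + line).split()
        pending = ""
        if fields:
            fields += ["-"] * (len(COLUMNS) - len(fields))  # pad omitted columns
            entries.append(dict(zip(COLUMNS, fields)))
    return entries

def load_shares(entries):
    """Map provider name -> Decimal load for entries that carry load=."""
    shares = {}
    for e in entries:
        for opt in e["options"].split(","):
            key, _, value = opt.partition("=")
            if key == "load":
                shares[e["name"]] = Decimal(value)
    return shares

def check_loads(shares):
    """Return a list of problems; an empty list means the loads are consistent."""
    problems = [f"{n}: load {v} is not in (0, 1]"
                for n, v in shares.items() if not 0 < v <= 1]
    total = sum(shares.values(), Decimal(0))
    if shares and total != 1:                  # assumption: loads must sum to 1
        problems.append(f"loads sum to {total}, expected 1")
    return problems

if __name__ == "__main__":
    shares = load_shares(parse_providers(SAMPLE))
    print(shares, check_loads(shares) or "ok")
```

Decimal is used so that eight-digit values such as 0.66666667 and 0.33333333 sum to exactly 1 instead of a nearby binary float.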

_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
