Tom Eastep wrote:

> 
> All routes in the main table (or whatever table is mentioned in the
> DUPLICATE column) have an associated interface. The way that Shorewall
> builds the provider-specific routing tables is to copy entries from the
> table specified in the DUPLICATE column. The COPY column specifies the
> interfaces whose entries in the DUPLICATE table will be copied to the
> provider-specific table.  In other words, it names the interfaces which
> could provide requests that could be routed out through the provider.
> 
> Make sense?
> 
> As I have hinted, I think that I probably got it wrong -- but it is what
> we have currently so until 3.4, we must live with it.
>

Every time I think about how this works, I forget one important point.
Packet marking for routing must be done before we know where the packet
is going (that's the point). Which means that traffic that is being
marked may not be headed for the internet at all but may be routed out a
local interface instead (a DMZ for example). That is another reason that
each provider routing table must have the routes to all local interfaces.

So I didn't get it wrong after all. About the only additional
optimization that I could make would be to not mark packets from
'tracked' interfaces (just mark the connection). But that wouldn't
remove the need for DUPLICATE and COPY columns in the file.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
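
Added illustration (not part of Tom's message and not Shorewall's own code): a shell example of the table-building described above, copying from the DUPLICATE table only the routes through the provider's own interface and the COPY interfaces, so that marked traffic bound for a local network such as a DMZ still finds its route in the provider table. The addresses, interface names, table number 2 and the function name provider_table_cmds are constructed for the example, and it prints the ip commands rather than running them.

```shell
#!/bin/sh
# Added example; not Shorewall's code. All names and addresses are constructed.
# Constructed stand-in for `ip route show table main` (the DUPLICATE table):
# eth0 = other provider, eth1 = LAN, eth2 = DMZ, eth3 = this provider.
SAMPLE_MAIN='192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.254
10.10.10.0/24 dev eth2 proto kernel scope link src 10.10.10.254
198.51.100.0/24 dev eth0 proto kernel scope link src 198.51.100.10
203.0.113.0/24 dev eth3 proto kernel scope link src 203.0.113.10
default via 198.51.100.254 dev eth0'

# provider_table_cmds TABLE GATEWAY PROVIDER_IF COPY_LIST  < routes
# Reads routes on stdin and prints the commands that would populate TABLE.
# Assumption: the provider's own interface is always copied, plus COPY_LIST.
provider_table_cmds() {
    table=$1 gateway=$2 provider_if=$3 copy=$4
    while read -r net rest; do
        case $net in
            # The default route is not copied; each provider gets its own.
            ''|default|nexthop) continue ;;
        esac
        # Find the interface this route is associated with ("dev X").
        dev=
        set -- $rest
        while [ $# -gt 1 ]; do
            if [ "$1" = dev ]; then dev=$2; break; fi
            shift
        done
        [ -n "$dev" ] || continue
        # Copy only routes through the provider interface or a COPY interface.
        case ",$provider_if,$copy," in
            *",$dev,"*) echo "ip route add table $table $net $rest" ;;
        esac
    done
    # Provider-specific default route: where marked traffic goes when no
    # copied local route (LAN, DMZ) matches the destination.
    echo "ip route add table $table default via $gateway dev $provider_if"
}

printf '%s\n' "$SAMPLE_MAIN" | provider_table_cmds 2 203.0.113.254 eth3 eth1,eth2
```

With an empty COPY list only the eth3 route and the default are emitted, so a marked packet destined for the DMZ would follow the provider's default route instead of going out eth2.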
