On Wed, 2007-12-05 at 16:41 +0100, Erwin Van de Velde wrote:
> Hi all, 
> 
> I am trying to configure a firewall with 2 ISPs; the difference between them is 
> the strictness of the firewall. Some zones have to route via ISP1, some via 
> ISP2.
> What do I need to put in the providers file? More in particular, what does 
> DUPLICATE do exactly and what should I put there?

Adding an entry to /etc/shorewall/providers creates a routing table.
Now, a routing table is useless unless it is populated with routes.
Shorewall will always add a default route via the GATEWAY to the table
but you need additional routes if you specify the 'track' option. That
is because when 'track' is specified, traffic entering the INTERFACE is
routed using the provider's table.

I regret having designed the facility in this way and I'm thinking of
providing an option to change it in Shorewall 4.2. But in the meantime,
when 'track' is given, you normally will want to copy the routes to your
local networks into the provider's routing table. To do that, you enter
'main' in the DUPLICATE column and you list your local interfaces in the
COPY column. That way, traffic entering a tracked interface can be
routed to the local networks.

HTH,
-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
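
An added example, not part of the original message: a /etc/shorewall/providers file for the two-ISP case in the question, with 'track' set and the local routes copied from 'main' as the reply describes. The interface names (eth0 to eth3), gateway addresses, marks and table numbers are constructed placeholders.

```conf
# /etc/shorewall/providers  (constructed example; adjust names and addresses)
#
# Assumed layout: eth0 -> ISP1, eth1 -> ISP2, eth2 and eth3 -> local networks.
#
# DUPLICATE = main : start the provider's table from the main routing table.
# COPY             : local interfaces whose routes are copied from 'main'.
# track            : traffic entering INTERFACE is routed using this provider's
#                    table, so the table needs routes back to the local
#                    networks, not only the default route via GATEWAY.
#
#NAME   NUMBER  MARK  DUPLICATE  INTERFACE  GATEWAY        OPTIONS  COPY
ISP1    1       1     main       eth0       192.0.2.1      track    eth2,eth3
ISP2    2       2     main       eth1       198.51.100.1   track    eth2,eth3

# After 'shorewall restart', each provider table should hold the default route
# via its GATEWAY plus the copied local routes. To check:
#   ip route show table 1
#   ip route show table 2
# If a table shows only the default route, traffic arriving on that provider's
# interface has no route to the local networks.
```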
