Brian J. Murrell wrote:
>
> The problem is that the content of those provider tables is dynamic
> also. As I understand it, each provider table is essentially a copy of
> the main table (so all known routing entries) minus any entries which
> are a result of other providers. So given a situation where a
> non-provider based interface (i.e. VPN) and/or routes show up, the
> provider tables need to all be updated.

No. Not if you have a routing rule that directs all traffic to VPN addresses through the main table. That's why I added the route_rules file in the first place.

>
> Maybe there is a better way to do it than shorewall currently
> implements. It would indeed be good if the provider tables could
> somehow only need the relevant entries for what it's providing. Maybe
> put the non-provider table before it in the routing rule list. Not
> really sure.

The problem is that:

a) Provider tables must include a default route so they are always terminating (packets never fall off the end and go to another routing table).

b) Packets must be marked *before* they are routed to direct them to a particular provider.

So if you mark a packet to associate it with a particular provider then it *will* be routed using that provider's table unless there is a routing rule before the mark-based ones that sends the packet through a different table. That's why Shorewall copies routes out of other interfaces (given by the COPY column) into provider tables; it avoids having to have rules which essentially duplicate most of the main table.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
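The rule-ordering behaviour discussed in this thread can be modelled in a few lines. This is an added illustration, not code from Shorewall or from either poster; the table names, marks, rule priorities, interfaces and addresses are all constructed, and the lookup is a simplified model of Linux policy routing (rules walked in priority order, longest-prefix match inside each table).

```python
import ipaddress

def table_lookup(routes, dst):
    """Longest-prefix match in one routing table; None if nothing matches."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), dev) for p, dev in routes
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def rpdb_lookup(rules, tables, dst, mark=0):
    """Walk rules by priority; the first selected table holding a route wins."""
    for _prio, sel, table in sorted(rules, key=lambda r: r[0]):
        if "fwmark" in sel and sel["fwmark"] != mark:
            continue
        if "to" in sel and ipaddress.ip_address(dst) not in ipaddress.ip_network(sel["to"]):
            continue
        dev = table_lookup(tables[table], dst)
        if dev is not None:          # a default route makes a table terminating
            return table, dev
    return None

# Constructed scenario: tun0 came up after the provider tables were built,
# so only the main table knows the VPN subnet.
VPN = "10.8.0.0/24"
TABLES = {
    "main": [("192.168.1.0/24", "eth2"), (VPN, "tun0"), ("0.0.0.0/0", "eth0")],
    "ISP1": [("192.168.1.0/24", "eth2"), ("0.0.0.0/0", "eth0")],
    "ISP2": [("192.168.1.0/24", "eth2"), ("0.0.0.0/0", "eth1")],
}
MARK_RULES = [
    (10001, {"fwmark": 1}, "ISP1"),
    (10002, {"fwmark": 2}, "ISP2"),
    (32766, {}, "main"),
]
# Destination-based rule placed before the mark-based ones (constructed priority).
VPN_RULE = (1000, {"to": VPN}, "main")

def marked_vpn_packet(rules):
    """Route a packet marked for ISP2 whose destination is a VPN address."""
    return rpdb_lookup(rules, TABLES, "10.8.0.5", mark=2)

if __name__ == "__main__":
    print("mark rules only :", marked_vpn_packet(MARK_RULES))
    print("with VPN rule   :", marked_vpn_packet(MARK_RULES + [VPN_RULE]))
```

In the model, the marked packet leaves through the provider's default route until the destination rule is placed ahead of the mark rules, and no provider table has to be rebuilt when the VPN route appears.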