On Tue, 2008-02-12 at 18:30 +0000, Andrew Suffield wrote:
>
> Shorewall is a terrible solution to routing problems, it's just got a
> handful of tricks that work for a few relatively common cases.

Agreed. I don't know that there is a better solution for the MultiISP problem though. The tricks shorewall has to play with provider routing tables and routing rules, etc.

> If
> you're doing anything complex with routing, you should be doing it
> with something else (like quagga), and leave shorewall to the things
> it's good at.

That's a fair point, except that I don't know that quagga actually does anything to solve the problem. The problem being specifically, the management of multiple default routes on interface availability. AFAIK, quagga will not plumb default routes via a newly available interface and replumb routes when an interface goes away. Quagga will also not manage the required provider tables to ensure the symmetric routing that is required.

> It is much easier to run shorewall alongside a real routing daemon
> than it is to try doing all that stuff with just shorewall.

I do run quagga on my gateway and would love it if quagga solved the problems, but AFAICT, it does not. :-(

b.
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users