Christian Vieser wrote: > Hello all, > > after reading all the Shorewall documentation about multi-ISP and > routing some questions remain. > > I have a Shorewall system running connected to two ISPs. Up to now I use > static routes, defined in the linux system, and a default route pointing > to one of the interfaces. I don't use the "balance" option in > /etc/shorewall/providers (yes, and don't use the "routefilter" option on > interfaces). > > Now we will extend our bandwith with a third ISP line. What I now want > is a load balance on two of the interfaces and some dedicated traffic on > the third. As I understood the documentation, all I have to do for this > is to add the "balance" option to the desired provider lines and to > delete the single default route in linux (since it is inserted by > Shorewall anyway for each provider line). Am I right up to here?
No. The default route added by Shorewall is in the provider's routing table,
not in the main routing table. It is necessary if you are going to use that
table for anything. In this case, you probably don't want to specify
'balance' on the third line that you want to use for special purposes. That
way, it won't get added as one of the options in the main table's default route.
Did I forget anything?
You then need to add either tcrules or route_rules to direct the desired
traffic to the third line.
>
> So, what's the difference between defining routing on linux ("route add
> -net....") and using /etc/shorewall/route_roules? Is there any advantage
> to use the one or other?
>
They do totally different things. "route add" (which is deprecated in favor
of "ip route add") adds an entry to a routing table. Entries in
/etc/shorewall/route_rules add routing rules -- the two are different
things. Routing rules determine which routing table(s) is(are) used to route
a packet. Routing table entries determine that actual routing.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ [EMAIL PROTECTED]
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
