Tom Eastep wrote:
>
>> So, what's the difference between defining routing on Linux ("route add
>> -net....") and using /etc/shorewall/route_rules? Is there any advantage
>> to using one or the other?
> They do totally different things. "route add" (which is deprecated in favor
> of "ip route add") adds an entry to a routing table. Entries in
> /etc/shorewall/route_rules add routing rules -- the two are different
> things. Routing rules determine which routing table(s) is(are) used to route
> a packet. Routing table entries determine the actual routing.
>
Tom, thank you for clarifying this. I'm sorry, I grew up with HP-UX and
the use of the command "ip" instead of "ifconfig" and "route" is still
somewhat odd to me. So, let me recapitulate this.

On startup, Shorewall copies the appropriate entries from the main
routing table to new routing tables, one for each provider, and inserts
a default route into each, pointing to that provider's gateway. These
routing tables can be listed with the command "ip route list table X",
where X is the number of the provider in /etc/shorewall/providers.

Entries in /etc/shorewall/route_rules determine to which provider
packets are routed (in case packets aren't already marked due to
connection tracking), using this provider's routing table. The resulting
ruleset can be listed with the command "ip rule ls".

I hope I got it right now.

Regards,
Christian
_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
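
The rule-versus-table distinction discussed in this thread, as an added example that is not part of the original messages or of Shorewall's code: a small Python model in which rules pick a table and the table's entries pick the route. The table contents, rule priorities, marks and addresses are constructed for illustration, and fwmark matching is simplified to exact equality (no mask).

```python
import ipaddress as ip

# Constructed tables: (destination prefix, device, gateway). Tables 1 and 2
# mirror the layout described above: entries copied from main plus one
# default route per provider.
TABLES = {
    1: [("192.168.1.0/24", "eth2", None), ("0.0.0.0/0", "eth0", "198.51.100.1")],
    2: [("192.168.1.0/24", "eth2", None), ("0.0.0.0/0", "eth1", "203.0.113.1")],
    "main": [("192.168.1.0/24", "eth2", None)],
}

# Constructed rules: (priority, source prefix or None, fwmark or None, table).
RULES = [
    (1000, "192.168.1.10/32", None, 2),  # source-based rule, as route_rules would add
    (10000, None, 0x1, 1),               # packets already marked for provider 1
    (10001, None, 0x2, 2),               # packets already marked for provider 2
    (32766, None, None, "main"),
]

def table_lookup(table, dst):
    """Longest-prefix match inside one routing table; None if nothing matches."""
    dst = ip.ip_address(dst)
    best = None
    for prefix, dev, gw in TABLES[table]:
        net = ip.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev, gw)
    return best and (best[1], best[2])

def route(src, dst, fwmark=0):
    """Walk rules in priority order; the first selected table with a route wins."""
    for prio, from_, mark, table in sorted(RULES, key=lambda r: r[0]):
        if from_ and ip.ip_address(src) not in ip.ip_network(from_):
            continue  # rule's source selector does not match
        if mark is not None and mark != fwmark:
            continue  # rule's mark selector does not match
        hit = table_lookup(table, dst)
        if hit:  # a table without a matching route falls through to the next rule
            return table, hit
    return None

if __name__ == "__main__":
    print(route("192.168.1.10", "8.8.8.8"))            # chosen by the source rule
    print(route("192.168.1.20", "8.8.8.8", fwmark=1))  # chosen by the mark rule
```
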