I am again faced with routing traffic out a gateway on my lan interface
within the same subnet. Some time ago
I got this to work. When I enter ISP3 in providers which is this gateway in
my lan. Marking in the output chain
continues to work. However it seems to break packet marking in the
prerouting chain. I have commented out the
offending ISP for now. And I am open to any ideas to do this a better way.
I tried to talk this ISP into giving me
different private IP's. The ISp in providers is an MPLS cloud.
#NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS
COPY
rea 1 256 main eth0 205.134.193.137
track,balance eth3
atg 2 512 main eth1 64.42.53.201
track,balance eth3
#pay 3 768 main eth3 10.19.227.254
track,balance eth3
Gate:~ # shorewall show routing
Shorewall 4.4.19.3 Routing at Gate - Sat May 14 13:21:01 PDT 2011
Routing Rules
0: from all lookup local
1000: from all to 10.194.244.0/24 lookup main
1000: from all to 10.194.79.0/24 lookup main
1000: from all to 10.192.139.0/24 lookup main
1000: from all to 10.5.198.0/24 lookup main
1000: from all to 10.143.99.0/24 lookup main
1000: from all to 10.10.182.0/24 lookup main
1000: from all to 208.67.188.32/27 lookup main
10000: from all fwmark 0x100/0xff00 lookup rea
10001: from all fwmark 0x200/0xff00 lookup atg
20000: from 205.134.193.138 lookup rea
20256: from 64.42.53.204 lookup atg
32766: from all lookup main
32767: from all lookup default
Table atg:
10.19.227.254 dev eth3 scope link src 10.19.227.20
64.42.53.201 dev eth1 scope link src 64.42.53.204
64.42.53.200/29 dev eth1 proto kernel scope link src 64.42.53.204
192.168.50.0/24 dev eth3 proto kernel scope link src 192.168.50.1
10.10.182.0/24 via 10.19.227.254 dev eth3
10.194.244.0/24 via 10.19.227.254 dev eth3
10.192.139.0/24 via 10.19.227.254 dev eth3
10.19.227.0/24 dev eth3 proto kernel scope link src 10.19.227.20
default via 64.42.53.201 dev eth1 src 64.42.53.204
Table default:
Table local:
broadcast 127.255.255.255 dev lo proto kernel scope link src 127.0.0.1
broadcast 10.19.227.0 dev eth3 proto kernel scope link src 10.19.227.20
broadcast 205.134.193.143 dev eth0 proto kernel scope link src
205.134.193.138
local 172.16.2.1 dev tun5 proto kernel scope host src 172.16.2.1
local 192.168.50.1 dev eth3 proto kernel scope host src 192.168.50.1
broadcast 205.134.193.136 dev eth0 proto kernel scope link src
205.134.193.138
broadcast 192.168.50.0 dev eth3 proto kernel scope link src 192.168.50.1
local 172.16.10.1 dev tun6 proto kernel scope host src 172.16.10.1
local 205.134.193.138 dev eth0 proto kernel scope host src
205.134.193.138
local 10.19.227.20 dev eth3 proto kernel scope host src 10.19.227.20
local 64.42.53.204 dev eth1 proto kernel scope host src 64.42.53.204
local 64.42.53.204 dev eth2 proto kernel scope host src 64.42.53.204
broadcast 10.19.227.255 dev eth3 proto kernel scope link src
10.19.227.20
broadcast 64.42.53.207 dev eth1 proto kernel scope link src 64.42.53.204
local 172.16.3.1 dev tun2 proto kernel scope host src 172.16.3.1
broadcast 64.42.53.200 dev eth1 proto kernel scope link src 64.42.53.204
local 127.0.0.2 dev lo proto kernel scope host src 127.0.0.1
broadcast 192.168.50.255 dev eth3 proto kernel scope link src
192.168.50.1
local 172.16.9.1 dev tun3 proto kernel scope host src 172.16.9.1
broadcast 127.0.0.0 dev lo proto kernel scope link src 127.0.0.1
local 172.16.15.1 dev tun4 proto kernel scope host src 172.16.15.1
local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1
local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1
Table main:
205.134.193.137 dev eth0 scope link src 205.134.193.138
172.16.10.2 dev tun6 proto kernel scope link src 172.16.10.1
172.16.2.2 dev tun5 proto kernel scope link src 172.16.2.1
10.19.227.254 dev eth3 scope link src 10.19.227.20
172.16.15.2 dev tun4 proto kernel scope link src 172.16.15.1
64.42.53.201 dev eth1 scope link src 64.42.53.204
172.16.9.2 dev tun3 proto kernel scope link src 172.16.9.1
172.16.3.2 dev tun2 proto kernel scope link src 172.16.3.1
205.134.193.136/29 dev eth0 proto kernel scope link src 205.134.193.138
64.42.53.200/29 dev eth1 proto kernel scope link src 64.42.53.204
192.168.100.0/24 via 172.16.2.2 dev tun5
192.168.50.0/24 dev eth3 proto kernel scope link src 192.168.50.1
10.10.182.0/24 via 10.19.227.254 dev eth3
10.194.244.0/24 via 10.19.227.254 dev eth3
10.194.79.0/24 via 172.16.10.2 dev tun6
10.192.139.0/24 via 10.19.227.254 dev eth3
10.4.138.0/24 via 172.16.15.2 dev tun4
10.19.227.0/24 dev eth3 proto kernel scope link src 10.19.227.20
10.5.198.0/24 via 172.16.9.2 dev tun3
10.143.99.0/24 via 172.16.3.2 dev tun2
169.254.0.0/16 dev eth0 scope link
127.0.0.0/8 dev lo scope link
default
nexthop via 205.134.193.137 dev eth0 weight 1
nexthop via 64.42.53.201 dev eth1 weight 1
Table rea:
205.134.193.137 dev eth0 scope link src 205.134.193.138
10.19.227.254 dev eth3 scope link src 10.19.227.20
205.134.193.136/29 dev eth0 proto kernel scope link src 205.134.193.138
192.168.50.0/24 dev eth3 proto kernel scope link src 192.168.50.1
10.10.182.0/24 via 10.19.227.254 dev eth3
10.194.244.0/24 via 10.19.227.254 dev eth3
10.192.139.0/24 via 10.19.227.254 dev eth3
10.19.227.0/24 dev eth3 proto kernel scope link src 10.19.227.20
169.254.0.0/16 dev eth0 scope link
default via 205.134.193.137 dev eth0 src 205.134.193.138
Gate:~ # ^C
Gate:~ #
Mike
------------------------------------------------------------------------------
Achieve unprecedented app performance and reliability
What every C/C++ and Fortran developer should know.
Learn how Intel has extended the reach of its next-generation tools
to help boost performance applications - inlcuding clusters.
http://p.sf.net/sfu/intel-dev2devmay
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
