>> Also, how can I correctly configure the routing tables? Given the >> above example, should I remove 10.215.224.0/20 from the "main" >> routing table > > Yes.
>
>> and add the following to "routes"?>>
>> CAIB 10.215.224.0/20 $ADDR_GW_CAIB $IF_CAIB
>> IBS 10.215.224.0/20 $ADDR_GW_IB $IF_IBS
>>
> Those aren't necessary -- you have default routes through the providers.
>
> Add this in /etc/shorewall/mangle:
>
> INLINE(MARK(1)):P 10.215.247.194 10.215.236.221 ; \
> -m statistic --mode random --probability 0.50
> MARK(2):P 10.215.247.194 10.215.236.221 { test=0/0xff }
I'm getting this error:
ERROR: Invalid column/value pair (-m) /opt/fw/mangle.include (line 5)
from /etc/shorewall/mangle (line 3)
[ !! ]
In any case, I still don't quite understand how routing and providers work.
Let's keep it simple and forget the above mangle rule for clarity's sake. Let's
just say that I define 2 providers CAIB and IBS, both of which provide access
to remote 10.215.224.0/20, and I want "lan" zone hosts to access the remote
network either via CAIB or IBS.
Tests performed:
traceroute from 10.215.144.8 (lan zone) to:
8.8.8.8 (wan zone) [worked as expected]
10.215.236.221 (should be caib zone) [FAILED]
10.215.237.237 (should be caib zone) [FAILED]
traceroute from 10.215.247.194 (lan zone) to:
10.215.236.221 (should be ibs zone) [worked as expected]
10.215.237.237 (should be caib zone) [FAILED]
I'm attaching the new Shorewall dump.
"from 10.215.247.194 (lan zone) to 10.215.236.221 (ibs zone)" works because
it's defined in rtrules.
BTW even if I add this to "routes":
CAIB 10.215.224.0/20 $ADDR_GW_CAIB $IF_CAIB
IBS 10.215.224.0/20 $ADDR_GW_IB $IF_IBS
I still get the same test results (failure to access either via CAIB or IBS).
Thanks for your time,
Vieri
shorewall_dump.gz
Description: application/gzip
------------------------------------------------------------------------------
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
