Hi, My goal is to have 2 NICs associated to 2 providers for specific private IP address ranges (eg. all traffic to/from 10.215.224.0/20 should go through these two providers). Another NIC allows access to Internet and that should be the default route. The other NIC of course is connected to the local network.
At the moment I don't want to load-balance outgoing connections. I understand that I can force outbound connections with rtrules:

    10.215.247.194  10.215.236.221   IBS   11000
    -               10.215.224.0/20  CAIB  11001

So connections from "lan" src 10.215.247.194 to destination 10.215.236.221 will imperatively go via IBS provider. All other connections to 10.215.224.0/20 will go through CAIB provider.

Now, suppose "providers" contains the following:

    CAIB  1  1  -  $IF_CAIB  $ADDR_GW_CAIB  loose,track
    IBS   2  2  -  $IF_IBS   $ADDR_GW_IBS   loose,track

and the remote router behind IBS and CAIB decides to send a packet from 10.215.236.221 to 10.215.247.194 via the CAIB provider (new connection) then where will shorewall reply? If the "track" option is specified in "providers" then the packet will be MARKed with 1 in this case and I guess that it should go back out the CAIB provider DESPITE the rtrule shown above, right?

However, "shorewall show routing" displays among other things:

    Routing Rules
    0:      from all lookup local
    1:      from all fwmark 0x200/0x200 lookup Tproxy
    220:    from all lookup 220
    999:    from all lookup main
    10000:  from all fwmark 0x1/0xff lookup CAIB
    10001:  from all fwmark 0x2/0xff lookup IBS
    11000:  from 10.215.247.194 to 10.215.236.221 lookup IBS
    11001:  from all to 10.215.224.0/20 lookup CAIB
    32765:  from all lookup balance
    32767:  from all lookup default

Furthermore, table "default" is empty and table "main" has:

    default via 172.16.0.2 dev enp4s1

Note: 172.16.0.2 is my internet gateway.

Trying to initiate from 10.215.247.194 to 10.215.236.221 does not go out the IBS provider, probably because we're reaching the "main" table and the default route to 172.16.0.2. Likewise, any incoming CAIB connections will hit the default internet gateway in "main" before looking up CAIB table.

Would moving "default via 172.16.0.2 dev enp4s1 metric 4" from "main" to "default" make sense? If so, how can I do that?

I'm attaching a shorewall dump.

Thanks,
Vieri
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
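
Added example, not part of the original post: a small model of Linux policy-routing rule evaluation over the rules listed in the message, returning the rule priority and table in which a packet resolves. The `lookup` helper, the provider table contents (one default route each) and the `MOVED` layout are assumptions made for illustration; only the default route of "main" is modelled.

```python
import ipaddress

# Rules copied from the "shorewall show routing" output quoted in the post:
# (priority, source, destination, (fwmark value, mask) or None, table)
RULES = [
    (0,     None, None, None, "local"),
    (1,     None, None, (0x200, 0x200), "Tproxy"),
    (220,   None, None, None, "220"),
    (999,   None, None, None, "main"),
    (10000, None, None, (0x1, 0xFF), "CAIB"),
    (10001, None, None, (0x2, 0xFF), "IBS"),
    (11000, "10.215.247.194", "10.215.236.221", None, "IBS"),
    (11001, None, "10.215.224.0/20", None, "CAIB"),
    (32765, None, None, None, "balance"),
    (32767, None, None, None, "default"),
]

# "main" (default route) and "default" (empty) are as stated in the post.
# ASSUMPTION: each provider table holds one default route; tables not listed
# here hold no route to the remote destinations used below.
TABLES = {"main": ["0.0.0.0/0"], "CAIB": ["0.0.0.0/0"], "IBS": ["0.0.0.0/0"]}

# Hypothetical layout with the default route held in "default" instead of "main".
MOVED = dict(TABLES, main=[], default=["0.0.0.0/0"])

def _in(addr, net):
    """True if the rule has no selector (None) or addr falls inside net."""
    return net is None or ipaddress.ip_address(addr) in ipaddress.ip_network(net)

def lookup(src, dst, mark=0, tables=TABLES):
    """Return (priority, table) of the first matching rule whose table routes dst."""
    for prio, rsrc, rdst, fw, table in RULES:
        if not (_in(src, rsrc) and _in(dst, rdst)):
            continue
        if fw is not None and (mark & fw[1]) != fw[0]:
            continue
        # A rule only ends the search if its table contains a route to dst.
        if any(_in(dst, net) for net in tables.get(table, [])):
            return prio, table
    return None

if __name__ == "__main__":
    for name, t in (("as posted", TABLES), ("default moved", MOVED)):
        for mark in (0, 1):
            hit = lookup("10.215.247.194", "10.215.236.221", mark, t)
            print(f"{name:14} mark={mark} -> {hit}")
```

In this model the rule at priority 999 ends every lookup while "main" carries a default route, and in the `MOVED` layout a packet carrying mark 1 resolves at rule 10000 before the rtrule at 11000 is consulted.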
