> Here's what we can do: > > a) Make both CAIB and IBS 'fallback' providers. That will generate a > multi-path route in the 'default' table. > > b) Add a rule with priority 998 that routes traffic that you want > balanced between the two via the default table.
I configured shorewall as you suggested and it works great for balanced traffic, thanks. By the way could future shorewall releases enable specifying "default" table in rtrules? However, since shorewall generates the following priorities and "providers" always come after "main", I'm having trouble with packet marking in "mangle" (ie. forcing specific traffic out a single provider): # ip rule list 0: from all lookup local 1: from all fwmark 0x200/0x200 lookup Tproxy 220: from all lookup 220 300: from 10.215.247.194 to 10.215.236.221 lookup IBS 998: from 10.215.144.48 to 10.215.237.237 lookup default 999: from all lookup main 10000: from all fwmark 0x1/0xff lookup WAN 10001: from all fwmark 0x2/0xff lookup CAIB 10002: from all fwmark 0x3/0xff lookup IBS 32765: from all lookup balance 32767: from all lookup default So a simple solution was to run the following on the main table: ip route del 10.215.0.0/16 dev enp5s3 proto kernel scope link src 10.215.144.91 ip route add 10.215.144.0/22 dev enp5s3 proto kernel scope link src 10.215.144.91 ip route add 10.215.246.0/23 dev enp5s3 proto kernel scope link src 10.215.144.91 ip route add 10.215.248.0/24 dev enp5s3 proto kernel scope link src 10.215.144.91 That got rid of my issues. Now I just have to figure out how to do that automatically in my distribution because I don't think shorewall set the 10.215.0.0/16 route. Vieri ------------------------------------------------------------------------------ _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
