On 9/26/2015 11:50 AM, Brian J. Murrell wrote:
> On Sat, 2015-09-26 at 19:30 +0100, Simon Hobson wrote:
>> Brian J. Murrell <br...@interlinx.bc.ca> wrote:
>>
>>> ... there doesn't seem to be any mechanism in place in
>>> Shorewall to ensure that packets from the LAN with a source IP
>>> address
>>> in ISP A's address space are actually directed out of the ISP A
>>> interface.
>>
>> http://www.shorewall.net/manpages6/shorewall6-providers.html
>
> Thanks. I'm well aware of the manpage and read it before coming here.
> So what did I miss in there that specifically directs the creation of
> "ip -6 rule"s forcing the source addresses used by LAN clients out via
> the providers' interface?

Here is the way that I do it. My LAN has addresses in network
2001:470:b:787::/64.

root@gateway:~# cat /etc/shorewall6/providers
#
# Shorewall6 version 4 - Providers File
#
# For information about entries in this file, type "man shorewall6-providers"
#
# For additional information, see http://shorewall.net/MultiISP.html
#
############################################################################################################
#NAME   NUMBER  MARK    DUPLICATE       INTERFACE       GATEWAY OPTIONS COPY
HE2     4       0x100   -               sit2\
        -       track,balance,loose
HE1     5       0x200   -               sit1\
        -       -       track,fallback,loose
root@gateway:~# cat /etc/shorewall6/rtrules
#
# Shorewall6 version 4 - route_rules File
#
# For information about entries in this file, type "man shorewall6-route_rules"
#
# For additional information, see http://www.shorewall.net/MultiISP.html
##############################################################################
#SOURCE                 DEST    PROVIDER        PRIORITY
2001:470:B:227::1/64    ::/0    HE1             11000
2001:470:B:787::1/64    ::/0    HE2             11000
root@gateway:~#

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
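
Added example (not part of the original thread and not Shorewall's own code): a check that every rtrules entry like the ones posted above has a matching source rule in "ip -6 rule show", so LAN traffic with one provider's prefix cannot silently leave via the other. The function name missing_rules and both sample inputs are constructed for illustration; the sample assumes the rule list prints the source address as it was entered, in lower case, and the provider's table by name.

```shell
#!/bin/sh
# Constructed sample: the rtrules entries from the message above
# (columns: SOURCE DEST PROVIDER PRIORITY).
RTRULES='2001:470:B:227::1/64 ::/0 HE1 11000
2001:470:B:787::1/64 ::/0 HE2 11000'

# Constructed sample of "ip -6 rule show" output. The HE1 rule is
# deliberately absent so the check has something to report.
RULES='0: from all lookup local
11000: from 2001:470:b:787::1/64 lookup HE2
32766: from all lookup main'

# missing_rules RTRULES_TEXT RULE_LIST_TEXT
# Prints one line for every rtrules entry that has no rule of the form
# "PRIORITY: from SOURCE ... lookup PROVIDER" in the rule list.
# Addresses are compared case-insensitively; comment lines are skipped.
missing_rules() {
    printf '%s\n' "$1" | while read -r src dest prov prio; do
        case "$src" in ''|'#'*) continue ;; esac
        want=$(printf '%s' "$src" | tr 'A-F' 'a-f')
        printf '%s\n' "$2" | awk -v p="$prio:" -v s="from $want " -v t="$prov" '
            $1 == p && index(tolower($0), s) && $NF == t { found = 1 }
            END { exit !found }' ||
            echo "$src -> $prov (priority $prio)"
    done
}

# Report against the constructed samples.
missing_rules "$RTRULES" "$RULES"
```

On a live gateway the two arguments would be the contents of /etc/shorewall6/rtrules and the output of "ip -6 rule show"; no output means every listed source prefix is pinned to its provider's table.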