I don't have a providers file but I do have two internet providers and use
ipsets. Perhaps this may help.
(Note I use variables defined in Shorewall params):
Shorewall mangle:
MARK($COMCAST_MARK1/$CONNMASK):P - +$COMCAST1_IPSET
ip rule:
.
.
10101: from all fwmark 0x4000/0x3ff00 lookup Comcast_ip1
If you run a Red Hat distro, you can create a file
/etc/sysconfig/network-scripts/rule-eth1 which will add
the rule when the interface comes up:
fwmark 0x4000/0x3f000 lookup Comcast_ip1 pri 10101
and /etc/sysconfig/network-scripts/route-eth1:
default via 173.xxx.y.254 dev ccast proto static src 173.xxx.y.249
and of course, your table name(Comcast_ip1) has to be defined in
/etc/iproute2/rt_tables.
So in the mangle rule instead of +$COMCAST1_IPSET, you would use +unitelusers.
Perhaps you
can translate this into provider marks. Set the rule priority appropriately
also.
One additional thought: you might mark your low priority services to use your
2nd ISP and just wait
until it comes back up:
Shorewall mangle:
MARK($BUDGET_ISP/$CONNMASK) $FW - tcp smtp
HTH,
Bill
On 5/5/2017 8:23 PM, Tom Eastep wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> On 05/05/2017 09:52 AM, Norman Henderson wrote:
>> Are ipsets not supposed to work with route_rules, or am I missing
>> something?
>>
> Ipsets are not supported in rtrules -- this is a Linux networking
> restriction, independent of Shorewall.
>
> - -Tom
> - --
> Tom Eastep \ Q: What do you get when you cross a mobster with
> Shoreline, \ an international standard?
> Washington, USA \ A: Someone who makes you an offer you can't
> http://shorewall.net \________________________________________________
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2
> Comment: GPGTools - http://gpgtools.org
>
> iQIcBAEBCAAGBQJZDReHAAoJEJbms/JCOk0QIXMP/RpLh6Dl5fjOw9AwaN0nqlvY
> NUw6OOpc3gJJoH+yvNFVIs8d5jl/+kGVLJuWE4qBz2Br59T5upFn9AUtocX31H0K
> N7zpc4OU9trx2arnPVVdvR8xksPi0ZtTF7hvkz0B3ce2cgKOh2SeSR3xMRxQkOCc
> VMUSckhQ0niz/9txk1BxKV1rG3+5x+pbpPNdI4GN0HHICafTBihJiauJ1gxz54qj
> 00k3PhdNIZWCdiwdi8Z/Y3OuSzIXuPK6paET6LtfFI9GpwkQ+7kz2NE7QSyUX8Xc
> hKeKzWw7nQSsKLdhRwcZBkU0xFhBHdCqZkespBTtpzVnnlJSfJ1cyrBqTz4ExP+2
> L3oBc0RNi0iSv5nPnf3ri7kJMBiJfuNVJc6yEnPx+Sr8n+BezMIudW9Q3F/zZqRI
> YWDm/OyhYmiUSpMXta4VwJlF1g2V1xvt/e4pAhXdYUJKLxjlRI5k5WdzDyMKxfoP
> 3NuwBPZe5M4D5vRbgcmb95YMrZO5FPWqJADuQWppi3QEfHRm7qEWWFH1vZBAjsl6
> DpsSYh2GzwRXJaLZ7M4eHILWceKhNtfxJ3uqMiW0aQr8LnSFh/lsTukTSDz1IrEd
> cqtrX2MdV6Iu37bjM/FnTXnlmfZu/jR2wzj6x3/9YNa5qFJW6EAEopzolWqF2I0Y
> ABWSWQ+a9bJfni7AgqtV
> =Vgt3
> -----END PGP SIGNATURE-----
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Shorewall-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
