On 2/25/20 12:51 PM, Axel Zöllich wrote:
> Hi,
>
> I've got two routers with two internet connections and two openvpn
> tunnels in between them. And I'd like to do some traffic shaping?
> to send only traffic between A 192.168.223.0/24 and two distinct B
> IPs (192.168.222.75 and 192.168.222.251) through the A1 B2 low
> latency tunnel. All other traffic between 192.168.222.0/24 and
> 192.168.223.0/24 should use the A2 B2 tunnel
>
> How can I achieve this with shorewall?
>
>
> router A connected to the internet via A1 SDSL (low latency) and A2
> LTE (high bandwidth) connection
> router B connected to the internet via B1 SDSL (low latency) and B2
> ADSL (high bandwidth) connection
>
> A:
> providers
> netco    2    0x200    -    eth4    212.117.77.201    balance=3    -
> tcom     3    0x300    -    eth3    10.110.0.1        balance=1    -
>
> tcrules
> 0x300:P    0.0.0.0/0
> 0x300      $FW
> 0x200:P    -            212.117.77.218
> 0x200      $FW          212.117.77.218
>
> B:
> providers
> netco    2    0x200    -    eth4    212.117.77.217    balance=1          -
> netco2   3    0x300    -    eth2    89.1.45.57        balance=1,track    -
>
> tcrules
> 0x300:P    0.0.0.0/0
> 0x300      $FW
> 0x200:P    -            212.117.77.202
> 0x200      $FW          212.117.77.202
>
>
> private network behind A 192.168.223.0/24
> private network behind B 192.168.222.0/24
>
> there are two openvpn tunnels in between the two routers
> first via interfaces A1 and B1 (the SDSL low latency connections)
> second via interfaces A2 and B2
>

Unfortunately, Shorewall's provider mechanism only deals with uplinks
(interfaces hosting a default route) and not VPNs. IPSec can do what you
want, however.

-Tom
-- 
Tom Eastep        \   Q: What do you get when you cross a mobster
Shoreline,         \     with an international standard?
Washington, USA     \ A: Someone who makes you an offer you
http://shorewall.org \   can't understand
                      \________________________________________

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users