On Tue, 2008-07-01 at 07:12 -0700, Tom Eastep wrote:
> Brian J. Murrell wrote:
> > On Mon, 2008-06-30 at 20:45 -0700, Tom Eastep wrote:
> >> I'm still willing to be convinced; but the 'provider tables contain 
> >> only default routes' approach is a dead end as far as I'm able to see.
> > 
> > Yeah, it very well could be.  I do recognize you are the word of
> > experience here.  But sometimes even harebrained proposals sometimes
> > make the experienced people think in ways or about solutions they had
> > not considered before.  I'll keep thinking about it.  :-)
> 
> Brian,
> 
> I owe you an apology. I missed (or kept ignoring) the essential feature of 
> your proposal that *does* allow it to work; namely the way in which you 
> re-ordered the routing rules. I awoke this morning with the realization that 
> your proposal would work with the right rule ordering and when I looked at 
> your original post, there it was. I'm truly sorry for being so 
> dense/stubborn/whatever.
> 
> So given that it can work, we need to decide what to do about it. I really 
> dislike the notion of two models for routing but I suspect that is the only 
> way in which I could implement this scheme without causing serious 
> compatibility issues. More thought needed.
> 
> -Tom

OK, for those of us that are playing along at home ;-), to condense the
thought, what we(?) would be looking at is a single "bal" table that has
the default routes. The routing rules needed would point to the "main"
routing table for the routes that would be "local" to the box (invert
the logic, i.e.: ip rule to 10.3.0.10/24 lookup table main), while the
routes via an ISP that are "external" to the box would be directed to
the "bal" (default?) table (i.e.: ip rule to 0.0.0.0/0 lookup table bal),
with the "ip rules" ordering winning the table race. I wonder if that
is what the stock blank "default" table is meant for? (VPN routes would
be considered local here). I like this, it *should* work kind of like
the squid routing, point to a gateway(s) and the rest should just fall
into line (with the routing rules in place), with much less code perhaps.
Have you thought about what the routing rules might look like in this
setup?

Just my thoughts,

Jerry


_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
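
The rule ordering discussed in the message above, modeled as an added example (not part of the original thread and not Shorewall code). It simulates Linux policy-routing lookup to show why the "main" rule for local prefixes has to precede the catch-all "bal" rule; the prefixes, gateways, interface names and priorities are constructed sample values.

```python
import ipaddress

# Constructed sample tables: "main" holds only connected/local routes,
# "bal" holds a single balanced default route across both ISPs.
TABLES = {
    "main": [("10.3.0.0/24", "dev eth2"),
             ("192.0.2.0/24", "dev eth0"),
             ("198.51.100.0/24", "dev eth1")],
    "bal": [("0.0.0.0/0", "nexthop 192.0.2.1 + nexthop 198.51.100.1")],
}

# (priority, destination selector, table); lower priority is consulted first.
PROPOSED = [(1000, "10.3.0.0/24", "main"), (2000, "0.0.0.0/0", "bal")]
REVERSED = [(1000, "0.0.0.0/0", "bal"), (2000, "10.3.0.0/24", "main")]


def lookup(rules, dst, tables=TABLES):
    """Return (table, route) chosen for dst, or (None, None) if unroutable."""
    addr = ipaddress.ip_address(dst)
    for _prio, selector, table in sorted(rules):
        if addr not in ipaddress.ip_network(selector):
            continue  # rule does not select this packet
        matches = [(ipaddress.ip_network(p), via)
                   for p, via in tables[table]
                   if addr in ipaddress.ip_network(p)]
        if matches:
            # Within one table the longest matching prefix wins.
            return table, max(matches, key=lambda m: m[0].prefixlen)[1]
        # No route in this table: fall through to the next rule.
    return None, None


if __name__ == "__main__":
    for name, rules in (("proposed", PROPOSED), ("reversed", REVERSED)):
        for dst in ("10.3.0.25", "203.0.113.9"):
            print(name, dst, "->", lookup(rules, dst))
```

With the order reversed, traffic for the local 10.3.0.0/24 network matches the default route in "bal" first and is sent toward an ISP gateway instead of staying on the internal interface.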