Jerry Vonau wrote:
OK, for those of us that are playing along at home ;-), to condense the thought, what we(?) would be looking at is a single "bal" table that has the default routes. The routing rules needed would point to the "main" routing table for the routes that would be "local" to the box (invert the logic, ie: ip rule to 10.3.0.10/24 lookup table main), while the routes via an isp that are "external" to the box would be directed to the "bal" (default?) table, (ie: ip rule to 0.0.0.0/0 lookup table bal), with the "ip rules" ordering winning the table race.
Exactly.
I wonder if that is what the stock blank "default" table is meant for? (vpn routes would be considered local here).
I suspect so.
I like this, it *should* work kind of like the squid routing, point to a gateway(s) and the rest should just fall into line (with the routing rules in place), with much less code perhaps. Have you thought about what the routing rules might look like in this setup?
Attached is a copy of what I have running currently.

-Tom
--
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,        \ http://shorewall.net
Washington USA    \ [EMAIL PROTECTED]
PGP Public Key    \ https://lists.shorewall.net/teastep.pgp.key
Shorewall 4.2.0-Beta2 Routing at ursa - Tue Jul 1 11:16:01 PDT 2008

Routing Rules

0:      from all lookup local
32766:  from all lookup main
35000:  from all to 206.124.146.179 lookup linksys
40000:  from all fwmark 0x1 lookup linksys
40001:  from all fwmark 0x2 lookup shorewall
50000:  from 172.20.1.102 lookup linksys
50256:  from 192.168.1.5 lookup shorewall
65535:  from all lookup default

Table default:

default
        nexthop via 172.20.1.1  dev wlan0 weight 1
        nexthop via 192.168.1.254  dev eth0 weight 2

Table linksys:

172.20.1.1 dev wlan0  scope link  src 172.20.1.102
default via 172.20.1.1 dev wlan0  src 172.20.1.102

Table local:

local 172.20.1.102 dev wlan0  proto kernel  scope host  src 172.20.1.102
local 192.168.0.254 dev br0  proto kernel  scope host  src 192.168.0.254
broadcast 192.168.1.0 dev eth0  proto kernel  scope link  src 192.168.1.5
broadcast 192.168.0.255 dev br0  proto kernel  scope link  src 192.168.0.254
broadcast 127.255.255.255 dev lo  proto kernel  scope link  src 127.0.0.1
local 192.168.1.5 dev eth0  proto kernel  scope host  src 192.168.1.5
broadcast 172.20.1.0 dev wlan0  proto kernel  scope link  src 172.20.1.102
broadcast 192.168.1.255 dev eth0  proto kernel  scope link  src 192.168.1.5
broadcast 192.168.0.0 dev br0  proto kernel  scope link  src 192.168.0.254
broadcast 172.20.1.255 dev wlan0  proto kernel  scope link  src 172.20.1.102
broadcast 127.0.0.0 dev lo  proto kernel  scope link  src 127.0.0.1
local 127.0.0.1 dev lo  proto kernel  scope host  src 127.0.0.1
local 127.0.0.0/8 dev lo  proto kernel  scope host  src 127.0.0.1

Table main:

192.168.1.0/24 dev eth0  proto kernel  scope link  src 192.168.1.5
172.20.1.0/24 dev wlan0  proto kernel  scope link  src 172.20.1.102
192.168.0.0/24 dev br0  proto kernel  scope link  src 192.168.0.254
169.254.0.0/16 dev wlan0  scope link
127.0.0.0/8 dev lo  scope link

Table shorewall:

192.168.1.254 dev eth0  scope link  src 192.168.1.5
default via 192.168.1.254 dev eth0  src 192.168.1.5
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
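
The rule walk implied by the dump above, as an added example that is not part of the original message and not Shorewall's code: a small Python model of how a table gets chosen (rules in priority order, longest-prefix match inside the table, fall through to the next rule when the table has no matching route). The `lookup` function and the data layout are assumptions made for illustration; the rules and routes are transcribed from the dump, with the broadcast entries of table local left out.

```python
import ipaddress as ip

# Rules and routes transcribed from the dump in the message above (broadcast
# entries of table "local" omitted). Layout and names here are illustrative.
RULES = [  # (priority, from, to, fwmark, table)
    (0,     None,           None,              None, "local"),
    (32766, None,           None,              None, "main"),
    (35000, None,           "206.124.146.179", None, "linksys"),
    (40000, None,           None,              0x1,  "linksys"),
    (40001, None,           None,              0x2,  "shorewall"),
    (50000, "172.20.1.102", None,              None, "linksys"),
    (50256, "192.168.1.5",  None,              None, "shorewall"),
    (65535, None,           None,              None, "default"),
]
TABLES = {
    "local": {"172.20.1.102/32": "local wlan0", "192.168.0.254/32": "local br0",
              "192.168.1.5/32": "local eth0", "127.0.0.0/8": "local lo"},
    "main": {"192.168.1.0/24": "dev eth0", "172.20.1.0/24": "dev wlan0",
             "192.168.0.0/24": "dev br0", "169.254.0.0/16": "dev wlan0",
             "127.0.0.0/8": "dev lo"},
    "linksys": {"172.20.1.1/32": "dev wlan0", "0.0.0.0/0": "via 172.20.1.1 dev wlan0"},
    "shorewall": {"192.168.1.254/32": "dev eth0", "0.0.0.0/0": "via 192.168.1.254 dev eth0"},
    "default": {"0.0.0.0/0": "multipath 172.20.1.1 wlan0 w1 / 192.168.1.254 eth0 w2"},
}

def _match(selector, addr):
    """A missing selector matches anything; an unset address matches no selector."""
    return selector is None or (addr is not None and ip.ip_address(addr) in ip.ip_network(selector))

def lookup(dst, src=None, fwmark=0):
    """Return (priority, table, route) chosen for a packet, or None if unroutable."""
    for prio, frm, to, mark, table in sorted(RULES, key=lambda r: r[0]):
        if not (_match(frm, src) and _match(to, dst)):
            continue
        if mark is not None and mark != fwmark:
            continue
        # Longest-prefix match inside the selected table. Table "main" has no
        # default route, so non-local destinations fall through to later rules.
        hits = [ip.ip_network(p) for p in TABLES[table] if ip.ip_address(dst) in ip.ip_network(p)]
        if hits:
            best = max(hits, key=lambda n: n.prefixlen)
            return prio, table, TABLES[table][str(best)]
    return None

if __name__ == "__main__":
    for args in [("192.168.0.7",), ("8.8.8.8",), ("8.8.8.8", None, 0x2), ("192.168.1.9", None, 0x1)]:
        print(args, "->", lookup(*args))
```

Because "main" sits at priority 32766, ahead of the fwmark and source rules, a marked packet to a directly connected network still resolves in "main"; only traffic with no route there reaches the provider tables or the balanced "default" table.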