Jerry Vonau wrote:

The routing rules are in the same order, just with different values, I'm
wondering if the "from <ip> lookup <table>" rules are even needed/wanted.
When a connection is from the fw to a host that is on the same lan as a
gateway, I'm not sure without testing, if that would mess up the ip
rule lookup for that target's ip, given that there is no route in the
providers table, other than the host route to the gateway, or would an
earlier ip rule cover it? (OK, I'm a bit rusty...)

If there is a route out of the interface for other networks, then the packet will be routed by the main table. By the time we have passed through the main table, the packet is going to be routed by a default route. Those "from <ip> lookup <table>" rules are there to make clients that bind to a particular local IP work reasonably.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
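
Added example, not part of the original message and not Shorewall's own code: a small Python model of how Linux walks its ip rules in priority order, applied to the lookup discussed in the reply above. The addresses, table names and rule priorities are constructed assumptions.

```python
import ipaddress

# Constructed sample data: addresses, table names and priorities are
# illustrative assumptions, not values from the thread or from Shorewall.
# Each route is (destination prefix, device, gateway or None if on-link).
TABLES = {
    "main": [("192.0.2.0/24", "eth0", None),       # ISP1 LAN, directly connected
             ("198.51.100.0/24", "eth1", None),    # ISP2 LAN, directly connected
             ("10.0.0.0/8", "eth2", None)],        # internal network
    "isp1": [("192.0.2.1/32", "eth0", None),       # host route to the gateway
             ("0.0.0.0/0", "eth0", "192.0.2.1")],
    "isp2": [("198.51.100.1/32", "eth1", None),    # host route to the gateway
             ("0.0.0.0/0", "eth1", "198.51.100.1")],
    "default": [("0.0.0.0/0", "eth0", "192.0.2.1")],
}
# (priority, source selector, table), in the spirit of "ip rule show".
RULES = [
    (999, "0.0.0.0/0", "main"),            # from all lookup main
    (20000, "192.0.2.10/32", "isp1"),      # from <ip> lookup <table>
    (20001, "198.51.100.10/32", "isp2"),   # from <ip> lookup <table>
    (32767, "0.0.0.0/0", "default"),       # from all lookup default
]

def lookup_table(table, dst):
    """Longest-prefix match in one table; None if no route matches."""
    best = None
    for prefix, dev, via in TABLES[table]:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev, via)
    return best

def route(src, dst):
    """Walk rules in priority order; a table with no match falls through."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for _prio, selector, table in sorted(RULES):
        if src not in ipaddress.ip_network(selector):
            continue                       # rule selector does not apply
        hit = lookup_table(table, dst)
        if hit:
            return table, hit[1], hit[2]   # (table used, device, gateway)
    return None

if __name__ == "__main__":
    print(route("198.51.100.10", "198.51.100.50"))  # host on a gateway's LAN
    print(route("198.51.100.10", "203.0.113.5"))    # client bound to ISP2 address
    print(route("0.0.0.0", "203.0.113.5"))          # unbound socket
```

In this model a destination on a gateway's LAN is resolved by the main table before any "from" rule is reached, and the "from" rules only decide the route for sockets already bound to a provider address.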
