Hi,
   I gave up on this issue. Here is my research...

  (1) /etc/shorewall/route_rules
       * It works but only per IP address or the entire LAN.
       * It won't work per protocol or service based.
       * Failover capability won't work
       Eg:-
         #SOURCE        DEST           PROVIDER        PRIORITY
        #192.168.2.10    -             DSL             11000
        #192.168.2.11    -             T1              11001

      Caution:
          You have to make modifications to your load balancing/failover
          script (gwping..etc) ELSE if there is a failover on DSL (as shown
          above) line my route for the above machine still stays in the old
          routing table. That is where the failover script should switch the
          route to the other.

(2) /etc/shorewall/tcrules
     This is supposed to work per protocol but I could never make it work.
      Sample:-
        #2:130   eth0           eth4            tcp     -       873,21,22

  Chakri



Gilberto Nunes wrote:
> Thanks Jerry
> 
> You put some light on my darkness...
> 
> But I have a doubt here:
> 
> Where I declare the ISP 1 or 2? /etc/shorewall/providers?
> 
> Another question:
> 
> In this case, I have to send outgoing traffic through specific external IP.
> 
> Let me explain.
> 
> I have one LAN and two ISP, right?
> 
> When some user behind Shorewall open your web browser or certain 
> application, and enter a specific URL or Internet address, this traffic 
> may be outgoing via ISP1, per example.
> 
> Others traffic outgoing via ISP2....
> 
> Thanks
> 
> 
> 
> 
> 2008/10/24 Jerry Vonau <[EMAIL PROTECTED]>
> 
>     Gilberto Nunes wrote:
>      > Hi all and specially Mr. Tom....
>      >
>      > (Please, do not be acid with me please! I am only a newbie, trying
>      > learn more about shorewall)
>      >
>      > I get involved with a Firewall Project in a customer here in my city...
>      >
>      > In this customer, he has two Internet Providers.
>      >
>      > So,  he ask me how make certain connection following one routing path
>      > (like RT_1) and others connections type, following the other routing
>      > path (like RT_2).
>      >
>      > Let me try do a ascii art here:
>      >
>      >
>      > ( I know is horrible think! rsrs I am not artist!)
>      >
>      > So, all traffic is pass by SHOREWALL MACHINE. ok!
>      >
>      > Some traffic have to out via ISP 1 and others traffic, will be out
>      > via ISP 2.
>      >
>      > I am reading Multiple ISP docs, but it is not clearly for me
>      >
>     Right after one of the "WARNING"s on:
>     http://www.shorewall.net/MultiISP.html
> 
>     Entries in /etc/shorewall/masq have no effect on which ISP a particular
>     connection will be sent through. That is rather the purpose of entries
>     in /etc/shorewall/tcrules or /etc/shorewall/route_rules.  <<<<<<
> 
>     Now suppose that you want to route all outgoing SMTP traffic from your
>     local network through ISP 2. You would make this entry in
>     /etc/shorewall/tcrules (and if you are running a version of Shorewall
>     earlier than 3.0.0, you would set TC_ENABLED=Yes in
>     /etc/shorewall/shorewall.conf).
> 
>     #MARK           SOURCE          DEST            PROTO   PORT(S) CLIENT  USER    TEST
>     #                                                               PORT(S)
>     2:P             <local network> 0.0.0.0/0       tcp     25
>     "
> 
>      > So, I need some help  with this.
>      >
>      > Can I use packet mark? How?
>      >
>     Depending on what you need to do, use entries in /etc/shorewall/tcrules
>     or /etc/shorewall/route_rules.
> 
>      > In a traditional iptables rules, I use --set-mark.
>      > But in a Shorewall environment, how can I take action with this
>      > iptables rules?
>      >
>     More traffic marking info at:
>     http://www.shorewall.net/traffic_shaping.htm
> 
>      > Thanks for all response.
>      >
>      > Sorry for my poor english...
>      >
>     Hope this helps,
> 
>     Jerry
> 
> 
>     -------------------------------------------------------------------------
>     This SF.Net email is sponsored by the Moblin Your Move Developer's
>     challenge
>     Build the coolest Linux based applications with Moblin SDK & win
>     great prizes
>     Grand prize is a trip for two to an Open Source event anywhere in
>     the world
>     http://moblin-contest.org/redirect.php?banner_id=100&url=/
>     <http://moblin-contest.org/redirect.php?banner_id=100&url=/>
>     _______________________________________________
>     Shorewall-users mailing list
>     Shorewall-users@lists.sourceforge.net
>     <mailto:Shorewall-users@lists.sourceforge.net>
>     https://lists.sourceforge.net/lists/listinfo/shorewall-users
> 
> 
> 
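Added example (not part of the original thread and not Shorewall code): a small Python check that maps a tcrules entry onto the column header quoted above, so it is visible which column each field lands in. It is run on the sample entry posted in this thread and on the documentation entry, with the constructed address `192.168.2.0/24` standing in for `<local network>`; the function names are hypothetical.

```python
# Column order taken from the tcrules header quoted in this thread.
# In Shorewall, PORT(S) is the destination port and CLIENT PORT(S) the source port.
TCRULES_COLUMNS = ["MARK", "SOURCE", "DEST", "PROTO",
                   "PORT(S)", "CLIENT PORT(S)", "USER", "TEST"]


def parse_tcrule(line):
    """Map one whitespace-separated tcrules entry onto the column names."""
    fields = line.strip().lstrip("#").split()  # thread samples are commented out
    return dict(zip(TCRULES_COLUMNS, fields))


def review_tcrule(line):
    """Return (entry, notes); notes list field placements worth a second look."""
    entry = parse_tcrule(line)
    notes = []
    _mark, _, designator = entry.get("MARK", "").partition(":")
    if designator != "P":
        notes.append("MARK designator is %r, not the ':P' form used in the "
                     "quoted documentation entry" % designator)
    dport = entry.get("PORT(S)", "-")
    sport = entry.get("CLIENT PORT(S)", "-")
    if dport == "-" and sport != "-":
        notes.append("port list %s sits in CLIENT PORT(S); PORT(S) is '-'" % sport)
    return entry, notes


# Entries to review: the sample posted in this thread, then the documentation
# entry with a constructed LAN address in place of <local network>.
SAMPLES = [
    "#2:130   eth0           eth4            tcp     -       873,21,22",
    "2:P      192.168.2.0/24 0.0.0.0/0       tcp     25",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        entry, notes = review_tcrule(sample)
        print(entry)
        for note in notes:
            print("  note:", note)
```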