On 02/17/2016 08:58 AM, Tom Eastep wrote: > On 02/17/2016 07:45 AM, Steve Wray wrote: > >> We use shorewall TProxy to do some transparent proxying (of clients >> coming in via haproxy, so that the back-end servers can see the client >> IP address rather than the haproxy IP address). Part of the problem I've >> encountered is that either Shorewall does the whole thing or we do the >> policy routing and transparency outside of Shorewall or we stop >> shorewall managing the /etc/iproute2/rt_tables file (This is in Debian >> 8) and do them separately, its getting ugly. >> >> xxx.xxx.xxx.121 and/or xxx.xxx.xxx.122 are local addresses assigned to >> eth2, however its under keepalived and .122 is the floating IP. >> >> The routing table looks like this: >> >> 192.168.2.0/24 dev eth0 proto kernel scope link src 192.168.2.8 >> xxx.xxx.xxx.112/28 dev eth1 proto kernel scope link src xxx.xxx.xxx.118 >> xxx.xxx.xxx.112/28 dev eth2 proto kernel scope link src xxx.xxx.xxx.121 >> 224.0.0.0/4 dev eth1 scope link >> > > Shorewall cannot replicate this routing configuration, because there is > no default route in this table. Shorewall's policy routing only handles: > > - Multiple active uplinks > - TProxy > - HAProxy transparent mode (Added in 5.0.4) >
We are about to release Shorewall 5.0.5, but Shorewall 5.0.6 will include support for routing tables with no default route. HTH, -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Site24x7 APM Insight: Get Deep Visibility into Application Performance APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month Monitor end-to-end web transactions and take corrective actions now Troubleshoot faster and improve end-user experience. Signup Now! http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
