Hi,

On Thu, Oct 31, 2019 at 9:47 PM Tom Eastep <teas...@shorewall.net> wrote:
>
> You have a large number of routing rules with priorities >= 11000;
> trying to route to any of the networks referenced in those rules is
> not possible for packets that originate from another provider,
> because the fwmark rules with priorities in the 10000-10999 range will
> override those rules for such traffic.
>
> Those rules should really be replaced with routes in your main routing
> table. It would make routing to those networks faster and would allow
> inter-provider traffic.
The advantage of using route rules is that I can use "priority blocks" and insert a rule dynamically without the need to reload Shorewall. Static routes in the main table don't allow me to "insert" a route on the fly; I would need to reload it.

I understand I can use the priority range 1000-1999 for "Before Shorewall-generated 'MARK' rules". So I used this rule successfully for inter-provider traffic:

1000: from 10.215.144.92 to TARGET_IP_ADDR_OR_NETWORK lookup IBS

In any case, I'm curious to see how much faster routing via the main table is vs. routing rules, and whether it's worth it. I'll do some testing.

Thanks,

Vieri

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
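As an added illustration of the shadowing problem Tom describes (not code from the thread or from Shorewall), the check below parses `ip rule show` output and flags every `to <network>` rule whose priority sits after the 10000-10999 fwmark block, noting whether the same destination is already handled by a rule in the 1000-1999 "before MARK rules" block, the workaround Vieri used. The sample rule dump, its priorities, table names and networks are constructed for the example.

```python
import re
from typing import Dict, List

# Constructed `ip rule show` output modelled on the thread: a hand-inserted
# rule in the 1000-1999 "before Shorewall MARK rules" block, the
# Shorewall-generated fwmark rules at 10000-10999, and destination rules
# at >= 11000 (the ones that marked traffic can never reach).
SAMPLE_RULES = """\
0:\tfrom all lookup local
1000:\tfrom 10.215.144.92 to 192.0.2.0/24 lookup IBS
10000:\tfrom all fwmark 0x1 lookup IBS
10001:\tfrom all fwmark 0x2 lookup OTHER
11000:\tfrom all to 192.0.2.0/24 lookup IBS
11001:\tfrom all to 198.51.100.0/24 lookup OTHER
32766:\tfrom all lookup main
32767:\tfrom all lookup default
"""

RULE_RE = re.compile(r"^(?P<prio>\d+):\s+(?P<body>.*)$")
MARK_BLOCK = (10000, 10999)     # Shorewall fwmark (provider) rules
PRE_MARK_BLOCK = (1000, 1999)   # "before Shorewall-generated MARK rules"


def parse_rules(text: str) -> List[Dict]:
    """Turn `ip rule show` lines into dicts: priority, fwmark flag, 'to' selector."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue
        body = m.group("body")
        to = re.search(r"\bto (\S+)", body)
        rules.append({"prio": int(m.group("prio")), "body": body,
                      "fwmark": "fwmark" in body.split(),
                      "to": to.group(1) if to else None})
    return rules


def in_block(prio: int, block) -> bool:
    return block[0] <= prio <= block[1]


def shadowed_destination_rules(text: str) -> List[Dict]:
    """Report 'to <net>' rules placed after the fwmark block.

    Such a rule is never consulted for a packet already marked for another
    provider, because the fwmark rule matched first. A destination that also
    appears in the 1000-1999 block is routed before marking and is fine; the
    rest belong in the main routing table (or in that earlier block).
    """
    rules = parse_rules(text)
    if not any(r["fwmark"] and in_block(r["prio"], MARK_BLOCK) for r in rules):
        return []   # no provider marking in place: nothing shadows these rules
    early = {r["to"] for r in rules if r["to"] and in_block(r["prio"], PRE_MARK_BLOCK)}
    return [{"prio": r["prio"], "to": r["to"], "covered_before_mark": r["to"] in early,
             "advice": ("already routed before the MARK rules" if r["to"] in early
                        else "move to a main-table route or a rule in 1000-1999")}
            for r in rules if r["to"] and r["prio"] > MARK_BLOCK[1]]
```

On a live box, feed it the real dump with `shadowed_destination_rules(subprocess.check_output(["ip", "rule", "show"], text=True))`.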