shorewall-providers(5)                                  shorewall-providers(5)

NAME

       providers - Shorewall Providers file

SYNOPSIS

       /etc/shorewall/providers

DESCRIPTION

       This file is used to define additional routing tables. You will want to
       define an additional table if:

       · You have connections to more than one ISP or multiple connections to
         the same ISP

       · You run Squid as a transparent proxy on a host other than the
         firewall.

       · You have other requirements for policy routing.

       Each entry in the file defines a single routing table.

       If you wish to omit a column entry but want to include an entry in the
       next column, use "-" for the omitted entry.

       The columns in the file are as follows.

       NAME name
              The provider name. Must be a valid shell variable name. The
              names 'local', 'main', 'default' and 'unspec' are reserved and
              may not be used as provider names.

       NUMBER number
              The provider number -- a number between 1 and 15. Each provider
              must be assigned a unique value.

       MARK value
              A FWMARK value used in your shorewall-tcrules
              ⟨shorewall-tcrules.html⟩ (5) file to direct packets to this
              provider.

              If HIGH_ROUTE_MARKS=Yes in shorewall.conf ⟨shorewall.conf.html⟩
              (5), then the value must be a multiple of 256 between 256 and
              65280 or their hexadecimal equivalents (0x0100 and 0xff00 with
              the low-order byte of the value being zero). Otherwise, the
              value must be between 1 and 255. Each provider must be assigned
              a unique mark value.

       DUPLICATE routing-table-name
              The name of an existing table to duplicate to create this
              routing table. May be main or the name of a previously listed
              provider. You may select only certain entries from the table to
              copy by using the COPY column below.

       INTERFACE interface
              The name of the network interface to the provider. Must be
              listed in shorewall-interfaces ⟨shorewall-interfaces.html⟩ (5).

       GATEWAY - {-|address|detect}
              The IP address of the provider's gateway router.

              You can enter "detect" here and Shorewall will attempt to detect
              the gateway automatically.

              For PPP devices, you may omit this column.

       OPTIONS (Optional) - [-|option[,option]...]
              A comma-separated list selected from the following. The order of
              the options is not significant but the list may contain no
              embedded whitespace.

              track  If specified, inbound connections on this interface are
                     to be tracked so that responses may be routed back out
                     this same interface.

                     You want to specify track if internet hosts will be
                     connecting to local servers through this provider.

              balance[=weight]
                     The providers that have balance specified will get
                     outbound traffic load-balanced among them. By default, all
                     interfaces with balance specified will have the same
                     weight (1). You can change the weight of an interface by
                     specifying balance=weight where weight is the weight of
                     the route out of this interface.

              loose  Shorewall normally adds a routing rule for each IP
                     address on an interface which forces traffic whose source
                     is that IP address to be sent using the routing table for
                     that interface. Setting loose prevents creation of such
                     rules on this interface.

              optional
                     If the interface named in the INTERFACE column is not up
                     and configured with an IPv4 address then ignore this
                     provider.

       COPY - [{none|interface[,interface]...}]
              A comma-separated list of other interfaces on your firewall.
              Wildcards specified using an asterisk ("*") are permitted (e.g.,
              tun*). Usually used only when DUPLICATE is main. Only copy
              routes through INTERFACE and through interfaces listed here. If
              you only wish to copy routes through INTERFACE, enter none in
              this column.

EXAMPLES

       Example 1:
              You run squid in your DMZ on IP address 192.168.2.99. Your DMZ
              interface is eth2.

                      #NAME   NUMBER  MARK DUPLICATE  INTERFACE GATEWAY       OPTIONS
                      Squid   1       1    -          eth2      192.168.2.99  -

       Example 2:
              eth0 connects to ISP 1. The IP address of eth0 is
              206.124.146.176 and the ISP's gateway router has IP address
              206.124.146.254.

              eth1 connects to ISP 2. The IP address of eth1 is 130.252.99.27
              and the ISP's gateway router has IP address 130.252.99.254.

              eth2 connects to a local network.

                      #NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY         OPTIONS       COPY
                      ISP1  1      1    main      eth0      206.124.146.254 track,balance eth2
                      ISP2  2      2    main      eth1      130.252.99.254  track,balance eth2
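       The column rules above (NAME, NUMBER, MARK and OPTIONS) can be checked
       before a providers file is deployed. The following is an added example,
       not part of Shorewall or of the original page; check_providers and
       SAMPLE are hypothetical names, and it assumes that '#' starts a comment
       and that MARK is always given.

```python
import re

RESERVED = {"local", "main", "default", "unspec"}
NAME_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")      # valid shell variable name
OPTION_RE = re.compile(r"^(track|loose|optional|balance(=\d+)?)$")

def _to_int(field):
    try:
        return int(field, 0)                  # decimal or 0x-prefixed hex
    except ValueError:
        return None

def check_providers(text, high_route_marks=False):
    """Return [(line_number, message)] for entries that break the column rules."""
    problems, seen_numbers, seen_marks = [], set(), set()
    # MARK range depends on HIGH_ROUTE_MARKS: multiples of 256, or 1..255.
    lo, hi, step = (256, 65280, 256) if high_route_marks else (1, 255, 1)
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # assumption: '#' starts a comment
        if not line:
            continue
        cols = line.split() + ["-"] * 8       # omitted trailing columns act as "-"
        name, number, mark, options = cols[0], cols[1], cols[2], cols[6]
        if not NAME_RE.match(name) or name in RESERVED:
            problems.append((lineno, f"NAME {name!r} is invalid or reserved"))
        num = _to_int(number)
        if num is None or not 1 <= num <= 15:
            problems.append((lineno, f"NUMBER {number!r} is not in 1..15"))
        elif num in seen_numbers:
            problems.append((lineno, f"NUMBER {num} is already assigned"))
        seen_numbers.add(num)
        mk = _to_int(mark)
        if mk is None or not lo <= mk <= hi or mk % step:
            problems.append((lineno, f"MARK {mark!r} is out of range"))
        elif mk in seen_marks:
            problems.append((lineno, f"MARK {mark} is already assigned"))
        seen_marks.add(mk)
        for opt in ([] if options == "-" else options.split(",")):
            if not OPTION_RE.match(opt):
                problems.append((lineno, f"unknown option {opt!r}"))
    return problems

# Constructed sample: the two ISP entries from Example 2 plus one broken entry.
SAMPLE = """\
#NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY         OPTIONS       COPY
ISP1  1      1    main      eth0      206.124.146.254 track,balance eth2
ISP2  2      2    main      eth1      130.252.99.254  track,balance eth2
main  2      300  main      eth3      detect          track,fast    -
"""
```

       Calling check_providers(SAMPLE) reports four problems, all on line 4:
       the reserved name, the reused number, the out-of-range mark and the
       unknown option.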

FILES

       /etc/shorewall/providers

SEE ALSO

       http://shorewall.net/MultiISP.html

       shorewall(8), shorewall-accounting(5), shorewall-actions(5),
       shorewall-blacklist(5), shorewall-hosts(5), shorewall-interfaces(5),
       shorewall-ipsec(5), shorewall-maclist(5), shorewall-masq(5),
       shorewall-nat(5), shorewall-netmap(5), shorewall-params(5),
       shorewall-policy(5), shorewall-proxyarp(5), shorewall-route_routes(5),
       shorewall-routestopped(5), shorewall-rules(5), shorewall.conf(5),
       shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5),
       shorewall-tos(5), shorewall-tunnels(5), shorewall-zones(5)

                                  19 May 2008           shorewall-providers(5)