shorewall-route_rules(5)                              shorewall-route_rules(5)

NAME

       route_rules - Shorewall Routing Rules file

SYNOPSIS

       /etc/shorewall/route_rules

DESCRIPTION

       Entries in this file cause traffic to be routed to one of the providers
       listed in shorewall-providers(5).

       The columns in the file are as follows.

       SOURCE (Optional) — {-|interface|address|interface:address}
              An IP address (network or host) that matches the source IP
              address in a packet. May also be specified as an interface name
              optionally followed by ":" and an address. If the device lo is
              specified, the packet must originate from the firewall itself.

       DEST (Optional) — {-|address}
              An IP address (network or host) that matches the destination IP
              address in a packet.

              If you choose to omit either SOURCE or DEST, place "-" in that
              column. Note that you may not omit both SOURCE and DEST.

       PROVIDER — {provider-name|provider-number|main}
              The provider to route the traffic through. May be expressed
              either as the provider name or the provider number. May also be
              main or 254 for the main routing table. This can be used in
              combination with VPN tunnels; see Example 2 below.

       PRIORITY - priority
              The rule's numeric priority, which determines the order in which
              the rules are processed. Rules with equal priority are applied
              in the order in which they appear in the file.

              1000-1999
                     Before Shorewall-generated 'MARK' rules

              11000-11999
                     After 'MARK' rules but before Shorewall-generated rules
                     for ISP interfaces.

              26000-26999
                     After ISP interface rules but before 'default' rule.

EXAMPLES

       Example 1:
              You want all traffic coming in on eth1 to be routed to the ISP1
              provider.

                      #SOURCE                 DEST            PROVIDER        PRIORITY
                      eth1                    -               ISP1            1000

       Example 2:
              You use OpenVPN (routed setup /tunX) in combination with
              multiple providers. In this case you have to set up a rule to ensure
              that the OpenVPN traffic is routed back through the tunX
              interface(s) rather than through any of the providers. 10.8.0.0/24
              is the subnet chosen in your OpenVPN configuration (server 10.8.0.0
              255.255.255.0).

                      #SOURCE                 DEST            PROVIDER        PRIORITY
                      -                       10.8.0.0/24     main            1000
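
       A lint for this file, added here as an example (it is not part of
       Shorewall or of the original page): it rejects entries that omit both
       SOURCE and DEST and returns the rules in the order they are processed,
       with equal priorities kept in file order. SAMPLE, the provider names
       ISP1/ISP2, and the warning for priorities outside the three listed
       ranges are assumptions of the example.

```python
# Added example: lint a route_rules file against the rules stated on this page.
# SAMPLE is constructed input; ISP1/ISP2 are assumed provider names.
BANDS = [
    (1000, 1999, "before MARK rules"),
    (11000, 11999, "after MARK rules, before ISP interface rules"),
    (26000, 26999, "after ISP interface rules, before default rule"),
]

SAMPLE = """\
#SOURCE        DEST           PROVIDER   PRIORITY
eth1           -              ISP1       1000
-              10.8.0.0/24    main       1000
-              -              ISP2       11000
eth2:10.1.0.5  -              ISP2       500
"""

def band(priority):
    """Return the documented band a priority falls in, or None."""
    for low, high, label in BANDS:
        if low <= priority <= high:
            return label
    return None

def lint(text):
    """Return (rules, problems); rules are in the order they are processed."""
    rules, problems = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        cols = raw.split("#", 1)[0].split()   # drop comments, split columns
        if not cols:
            continue
        if len(cols) != 4:
            problems.append((lineno, "expected SOURCE DEST PROVIDER PRIORITY"))
            continue
        source, dest, provider, prio = cols
        if source == "-" and dest == "-":
            problems.append((lineno, "SOURCE and DEST may not both be omitted"))
            continue
        if not prio.isdigit():
            problems.append((lineno, "PRIORITY must be numeric"))
            continue
        if band(int(prio)) is None:           # warning only; rule is kept
            problems.append((lineno, "priority outside the documented ranges"))
        rules.append((int(prio), lineno, source, dest, provider))
    # sorted() is stable: equal priorities keep their order in the file.
    return sorted(rules, key=lambda r: r[0]), problems

if __name__ == "__main__":
    ordered, issues = lint(SAMPLE)
    print(ordered, issues, sep="\n")
```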

FILES

       /etc/shorewall/route_rules

SEE ALSO

       http://shorewall.net/MultiISP.html

       shorewall(8), shorewall-accounting(5), shorewall-actions(5),
       shorewall-blacklist(5), shorewall-hosts(5), shorewall-interfaces(5),
       shorewall-ipsec(5), shorewall-maclist(5), shorewall-masq(5),
       shorewall-nat(5), shorewall-netmap(5), shorewall-params(5),
       shorewall-policy(5), shorewall-providers(5), shorewall-proxyarp(5),
       shorewall-routestopped(5), shorewall-rules(5), shorewall.conf(5),
       shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5),
       shorewall-tos(5), shorewall-tunnels(5), shorewall-zones(5)

                                  19 May 2008         shorewall-route_rules(5)