1shorewall-route_rules(5) shorewall-route_rules(5)
2
3
4
6 route_rules - Shorewall Routing Rules file
7
9 /etc/shorewall/route_rules
10
12 Entries in this file cause traffic to be routed to one of the providers
13 listed in shorewall-providers ⟨shorewall-providers.html⟩ (5).
14
15 The columns in the file are as follows.
16
17 SOURCE (Optional) — {-|interface|address|interface:address}
18 An ip address (network or host) that matches the source IP ad‐
19 dress in a packet. May also be specified as an interface name
20 optionally followed by ":" and an address. If the device lo is
21 specified, the packet must originate from the firewall itself.
22
23 DEST (Optional) — {-|address}
24 An ip address (network or host) that matches the destination IP
25 address in a packet.
26
27 If you choose to omit either SOURCE or DEST, place "-" in that
28 column. Note that you may not omit both SOURCE and DEST.
29
30 PROVIDER — {provider-name|provider-number|main}
31 The provider to route the traffic through. May be expressed ei‐
32 ther as the provider name or the provider number. May also be
33 main or 254 for the main routing table. This can be used in com‐
34 bination with VPN tunnels, see example 2 below.
35
36 PRIORITY - priority
37 The rule's numeric priority which determines the order in which
38 the rules are processed. Rules with equal priority are applied
39 in the order in which they appear in the file.
40
41 1000-1999
42 Before Shorewall-generated 'MARK' rules
43
44 11000-11999
45 After 'MARK' rules but before Shorewall-generated rules
46 for ISP interfaces.
47
48 26000-26999
49 After ISP interface rules but before 'default' rule.
50
52 Example 1:
53 You want all traffic coming in on eth1 to be routed to the ISP1
54 provider.
55
56 #SOURCE DEST PROVIDER PRIORITY
57 eth1 - ISP1 1000
58 .fi
59
60 Example 2:
61 You use OpenVPN (routed setup /tunX) in combination with
62 multiple providers. In this case you have to set up a rule to ensure
63 that the OpenVPN traffic is routed back through the tunX
64 interface(s) rather than through any of the providers. 10.8.0.0/24
65 is the subnet chosen in your OpenVPN configuration (server 10.8.0.0
66 255.255.255.0).
67
68 #SOURCE DEST PROVIDER PRIORITY
69 - 10.8.0.0/24 main 1000
70 .fi
71
73 /etc/shorewall/route_rules
74
76 ⟨http://shorewall.net/MultiISP.html⟩
77
78 shorewall(8), shorewall-accounting(5), shorewall-actions(5), shorewall-
79 blacklist(5), shorewall-hosts(5), shorewall-interfaces(5), shorewall-
80 ipsec(5), shorewall-maclist(5), shorewall-masq(5), shorewall-nat(5),
81 shorewall-netmap(5), shorewall-params(5), shorewall-policy(5), shore‐
82 wall-providers(5), shorewall-proxyarp(5), shorewall-routestopped(5),
83 shorewall-rules(5), shorewall.conf(5), shorewall-tcclasses(5), shore‐
84 wall-tcdevices(5), shorewall-tcrules(5), shorewall-tos(5), shorewall-
85 tunnels(5), shorewall-zones(5)
86
87
88
89 19 May 2008 shorewall-route_rules(5)