On Sat, 2015-09-26 at 14:33 -0700, Tom Eastep wrote: > Here is the way that I do it. My LAN has addresses in network > 2001:470:b:787::/64.
> #NAME NUMBER MARK DUPLICATE INTERFACE > GATEWAY > OPTIONS COPY > HE2 4 0x100 - sit2\ - > track,balance,loose > HE1 5 0x200 - sit1\ - > - track,fallback,loose > root@gateway:~# cat /etc/shorewall6/rtrules > # > # Shorewall6 version 4 - route_rules File > # > # For information about entries in this file, type "man > shorewall6-route_rules" > # > # For additional information, see > http://www.shorewall.net/MultiISP.html > ##################################################################### > ######### > #SOURCE DEST PROVIDER > PRIORITY > 2001:470:B:227::1/64 ::/0 HE1 11000 > 2001:470:B:787::1/64 ::/0 HE2 11000 > root@gateway:~# Ahhh. So you are doing just that: creating route rules to direct traffic to the appropriate provider based on the addresses the LAN hosts choose as their source address. I guess I just thought there might be something more turnkey than per provider explicit route_rules. I guess I kind of think of route_rules for more "strange policy" type things then effecting the unsurprising, like routing traffic to the ISP that the LAN hosts chose to use by using it's source address. But this really does dovetail with the message I posted prior about losing the ability to set policy about which ISPs your LAN clients will use on the Shorewall router when your LAN hosts are fully routed via multiple providers. The only way I could see getting that back is by having the router filter/decide which networks it will advertise to the LAN. I'm not sure if the tools (odhcpd IIUC) on OpenWRT can do that. Cheers, b.
signature.asc
Description: This is a digitally signed message part
------------------------------------------------------------------------------
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
