On 02/24/2016 03:22 AM, c.mo...@web.de wrote: > Fair enough. > Defining /etc/shorewall/masq and /etc/shorewall/rules is not difficult. > > But the problem starts > with /etc/shorewall/providers, /etc/shorewall/rtrules > and /etc/shorewall/interfaces. > And last but not least the setting of USE_DEFAULT_RT. >
I see no reason why USE_DEFAULT_RT=Yes would not be appropriate. You obviously have two providers -- one out of eth0 and one out of eth2. Given that eth0 has a static IP address, I'm assuming that the gateway is also static so just specify it in the providers entry. I'll assume these settings in shorewall.conf. TC_BITS=8 PROVIDER_OFFSET=8 PROVIDER_BITS=4 ISP1 1 0x100 eth0 <gateway1> primary ISP2 2 0x200 eth2 192.168.178.1 fallback Your rtrules file will depend on how you want traffic routed. I assume that 10.1.0.0/24 want to route out of eth0, so you would have this entry: 10.1.0.0/24 - ISP1 1000 Similarly, 192.168.178.0/24 wants to route out of ISP2: 192.168.178.0/24 - ISP2 1000 The interfaces file will have the 'net' zone for both eth0 and eth2: ?FORMAT 2 net eth0 dhcp,... net eth2 ... -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Site24x7 APM Insight: Get Deep Visibility into Application Performance APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month Monitor end-to-end web transactions and take corrective actions now Troubleshoot faster and improve end-user experience. Signup Now! http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
