Hello,

I need to send lan2net traffic to a certain IP address via one
provider (ISP1, eth0), and all other lan2net traffic via the second
provider (ISP2, eth1). Assuming eth2 is LAN, the first rule in
route_rules would be:

eth2 A.B.C.D ISP1 1000

What is the correct syntax for the second rule, to send all packets
not to A.B.C.D via ISP2?

Thanks,
Gregory

-------------------------------------------------------------------------
On Thursday 29 March 2007, Grigory Mokhin wrote:
> Hello,
>
> I need to send lan2net traffic to a certain IP address via one
> provider (ISP1, eth0), and all other lan2net traffic via the second
> provider (ISP2, eth1). Assuming eth2 is LAN, the first rule in
> route_rules would be:
>
> eth2 A.B.C.D ISP1 1000
>
> What is the correct syntax for the second rule, to send all packets
> not to A.B.C.D via ISP2?
>
> Thanks,
> Gregory

can't you just do that with a route command?

--
_____________________________________
John Andersen
http://www.screenio.com/

-------------------------------------------------------------------------
: On Thursday 29 March 2007, Grigory Mokhin wrote:
: > Hello,
: >
: > I need to send lan2net traffic to a certain IP address via one
: > provider (ISP1, eth0), and all other lan2net traffic via the second
: > provider (ISP2, eth1). Assuming eth2 is LAN, the first rule in
: > route_rules would be:
: >
: > eth2 A.B.C.D ISP1 1000
: >
: > What is the correct syntax for the second rule, to send all packets
: > not to A.B.C.D via ISP2?
: >
: > Thanks,
: > Gregory
:
: can't you just do that with a route command?
:
:
: --
: _____________________________________
: John Andersen

Remember the docs quote this below

The bottom line is that if you want traffic to go out through a particular
provider then you must mark that traffic with the provider's MARK value in
/etc/shorewall/tcrules and you must do that marking in the PREROUTING chain;
or, you must provide the appropriate rules in /etc/shorewall/route_rules.

and that you can set in shorewall.conf mark in forward chain = yes

I would do this in Tc Rules--- with high marks=no in shorewall.conf
If this were your config:
1=ISP1, lan=192.168.1.0/24, IP address on the net= 24.56.84.57, eth1=local
/etc/shorewall/tcrules

1:P eth1:192.168.1.0/24 24.56.84.57 all
or if you just wanted web traffic

1:P eth1:192.168.1.0/24 24.56.84.57 tcp 80

Mike

-------------------------------------------------------------------------
On 3/30/07, John Andersen <jsa@screenio.com> wrote:
> On Thursday 29 March 2007, Grigory Mokhin wrote:
> > Hello,
> >
> > I need to send lan2net traffic to a certain IP address via one
> > provider (ISP1, eth0), and all other lan2net traffic via the second
> > provider (ISP2, eth1). Assuming eth2 is LAN, the first rule in
> > route_rules would be:
> >
> > eth2 A.B.C.D ISP1 1000
> >
> > What is the correct syntax for the second rule, to send all packets
> > not to A.B.C.D via ISP2?
> >
> > Thanks,
> > Gregory
>
> can't you just do that with a route command?
>

What command? I'd appreciate a lot if you provide it here.

Regards,
Gregory

-------------------------------------------------------------------------
> : On Thursday 29 March 2007, Grigory Mokhin wrote:
> : > Hello,
> : >
> : > I need to send lan2net traffic to a certain IP address via one
> : > provider (ISP1, eth0), and all other lan2net traffic via the second
> : > provider (ISP2, eth1). Assuming eth2 is LAN, the first rule in
> : > route_rules would be:
> : >
> : > eth2 A.B.C.D ISP1 1000
> : >
> : > What is the correct syntax for the second rule, to send all packets
> : > not to A.B.C.D via ISP2?
> : >
> : > Thanks,
> : > Gregory
> :
> Remember the docs quote this below
>
> The bottom line is that if you want traffic to go out through a particular
> provider then you must mark that traffic with the provider's MARK value in
> /etc/shorewall/tcrules and you must do that marking in the PREROUTING chain;
> or, you must provide the appropriate rules in /etc/shorewall/route_rules.
>
> and that you can set in shorewall.conf mark in forward chain = yes
>
> I would do this in Tc Rules--- with high marks=no in shorewall.conf
> If this were your config:
> 1=ISP1, lan=192.168.1.0/24, IP address on the net= 24.56.84.57, eth1=local
> /etc/shorewall/tcrules
>
> 1:P eth1:192.168.1.0/24 24.56.84.57 all
> or if you just wanted web traffic
>
> 1:P eth1:192.168.1.0/24 24.56.84.57 tcp 80
>
> Mike
>

I use tcrules with high marks =yes. On IRC channel I asked Tom if it
is possible to solve my problem with a rule in route_rules. He said
yes. I just can't figure out the correct syntax. Otherwise I would
probably use tcrules for marking.

Regards,
Gregory

-------------------------------------------------------------------------
Grigory Mokhin wrote:
> > can't you just do that with a route command?
>
> What command? I'd appreciate a lot if you provide it here.

man route
man ip

-------------------------------------------------------------------------
Grigory Mokhin wrote:
>
> I use tcrules with high marks =yes. On IRC channel I asked Tom if it
> is possible to solve my problem with a rule in route_rules. He said
> yes. I just can't figure out the correct syntax. Otherwise I would
> probably use tcrules for marking.
>

Gregory,

It requires NO special syntax. Route rules are "first-match". So just
make your second rule unconditional.

-Tom
--
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,        \ http://shorewall.net
Washington USA    \ teastep@shorewall.net
PGP Public Key    \ https://lists.shorewall.net/teastep.pgp.key

-------------------------------------------------------------------------
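The first-match behaviour described in the last reply, as an added example that is not part of the original thread and is not Shorewall code: a simplified Python model that parses route_rules-style lines and picks the provider for a packet. Assumptions: 203.0.113.10 stands in for A.B.C.D, "-" in the DEST column means "any destination", priority 1001 is a constructed value for the second rule, and SOURCE is modelled as an interface name only.

```python
# Added illustration: simplified model of first-match route_rules evaluation.
import ipaddress

def parse_route_rules(text):
    """Parse SOURCE DEST PROVIDER PRIORITY lines; '-' in DEST means any."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        source, dest, provider, priority = line.split()
        net = None if dest == "-" else ipaddress.ip_network(dest, strict=False)
        rules.append((int(priority), source, net, provider))
    # Rules are consulted in ascending priority order.
    return sorted(rules, key=lambda r: r[0])

def select_provider(rules, in_iface, dst_ip):
    """Return the provider of the first rule that matches, or None."""
    addr = ipaddress.ip_address(dst_ip)
    for _prio, source, net, provider in rules:
        if source not in ("-", in_iface):
            continue
        if net is not None and addr not in net:
            continue
        return provider
    return None  # no rule matched: this model makes no routing decision

# Constructed sample: specific rule first, unconditional rule second.
GOOD = """
#SOURCE  DEST          PROVIDER  PRIORITY
eth2     203.0.113.10  ISP1      1000
eth2     -             ISP2      1001
"""

# Same rules with priorities swapped: the unconditional rule now shadows
# the specific one, so traffic to 203.0.113.10 silently leaves via ISP2.
SHADOWED = """
eth2     203.0.113.10  ISP1      1001
eth2     -             ISP2      1000
"""

if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("SHADOWED", SHADOWED)):
        rules = parse_route_rules(text)
        for dst in ("203.0.113.10", "198.51.100.7"):
            print(name, dst, "->", select_provider(rules, "eth2", dst))
```

The SHADOWED case is the failure mode to check for when reviewing such a file: the rules are all present, but priority order decides which one ever matches.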