> Message: 2 > Date: Fri, 03 Dec 2004 10:10:35 +1300 > From: Paul <lists@loudas.com> > Subject: [Shorewall-users] another network to add > To: Shorewall List <shorewall-users@lists.shorewall.net> > Message-ID: <41AF84CB.5080304@loudas.com> > Content-Type: text/plain; charset=ISO-8859-1; format=flowed > > Hi Tom (and others) > encase you don''t know my network already ;) here''s a quick run down > eth0 lan 192.168.1.1/255.255.255.0 > eth1 wan1 172.30.7.4/255.255.240.0 > eth2 wan2 202.37.230.93/255.255.255.192 > eth3 wan3 203.96.213.73/255.255.254.0 > > I''ve got routes and rules for all the above interfaces :) > > Paul. >hey paul is your shorewall actually working with split access?? can you send me your routing config because i couldn''t make it work. thanks! Alberto Sierra
Alberto Sierra wrote:> > hey paul is your shorewall actually working with split access?? can > you send me your routing config because i couldn''t make it work. > > thanks! > > Alberto Sierrarouting: start() { ebegin "Starting MultiPATH routes ..." /sbin/ip rule add prio 50 table main /sbin/ip rule add prio 201 from 202.37.230.64/26 table 201 /sbin/ip route add default via 202.37.230.65 dev eth2 \ src 202.37.230.93 proto static table 201 /sbin/ip route append prohibit default table 201 metric 1 proto static /sbin/ip rule add prio 202 from 203.96.212.0/23 table 202 /sbin/ip route add default via 203.96.212.1 dev eth3 \ src 203.96.213.73 proto static table 202 /sbin/ip route append prohibit default table 202 metric 1 proto static /sbin/ip route add 203.96.216.0/24 via 203.96.212.1 dev eth3 \ src 203.96.213.73 proto static /sbin/ip rule add prio 222 table 222 /sbin/ip route add default table 222 proto static \ nexthop via 202.37.230.65 dev eth2 \ nexthop via 203.96.212.1 dev eth3 eend $? } /etc/shorewall/masq #INTERFACE SUBNET ADDRESS PROTO PORT(S) eth2 eth0 #iconz eth3 eth0 #wave now you can just add rules as you normally would