You need to mark the packets and forward them to your second gateway:
tcrules (shorewall 1.4):
#MARK   SOURCE          DEST            PROTO   PORT(S)   CLIENT
#                                                         PORT(S)
1       $DMZ_NEWS       0.0.0.0/0       tcp     nntp
2       $DMZ_MAILIN     0.0.0.0/0       tcp     pop3
----------
/etc/network/routing_ethX:
#!/bin/bash
MARKS="1 2"
# table dialup used to route via dialup line
/sbin/ip route add default via 10.0.5.2 dev eth3 table dialup
for MARK in $MARKS
do
    /sbin/ip rule add fwmark $MARK table dialup
done
---------
/etc/network/interfaces:
# eth3 transport router1/router2
auto eth3
iface eth3 inet static
    address 10.0.5.1
    netmask 255.255.255.252
    broadcast 10.0.5.3
    up /etc/network/routing_eth3
----------
/etc/iproute2/rt_tables:
#
# reserved values
#
255 local
254 main
253 default
0 unspec
#
# local
#
1 inr.ruhep
200 dialup
On Sun, 2004-06-27 at 06:10, Jens wrote:
> Hi,
> I have recently obtained a secondary access to the internet and I am trying to
> integrate this into my shorewall setup. My primary line is via cable modem
> with a dynamic IP and my new line is an ADSL line with a fixed routeable IP.
> Although load balancing and automatic failover (in case one ISP's line goes
> dead) would be nice, pretty well all I am trying to get going is mail service
> over adsl, the fixed IP, and the rest thru the cable modem. I am running into
> more and more sites that refuse mail service to dynamic IP addresses and that
> is why I am forced into this setup.
> I have spent the last couple of days digging thru the shorewall docs, running
> searches on the mailing list and googling for info. Although everything I
> need 'seems' to be out there, I must admit that some of the very
> basic/elementary things are still a mystery and I am hoping to establish
> contact with someone that can either point me in the right direction or that
> can help me out with specifics.
> I have studied the FAQ #32 write-up and I would like to ask a couple of
> questions referring to it. As it says, setting up shorewall is easy but
> setting up the routing is a bit harder ......
> I realize that shorewall is not meant to work as a router and I also realize
> that the author of the FAQ specifically says to look at the LARTC how to
> (which I did) and post the question in the LARTC mailing list. I would like
> to give it a whirl here first as I am sure there are other people out there
> doing exactly the same thing.
>
> Ok, so I followed FAQ 32 and have set up shorewall with two 'net' zones on
> eth0 and eth1. I am now looking at the section on split access in the FAQ. I
> am told to set up symbolic names and here is where my ignorance becomes
> painfully obvious .... how do I do that ??? Related to that question would be
> my next one of 'where do you stick the various routing commands that are
> given next' ? I obviously need to run a shell script or batch file that has
> the routing commands in it but at what point do I call this script ? Would
> there be a specific area in the shorewall configuration files where I would
> add a call for this script ? Last but not least, all the symbolic names that
> are set up for this script refer to variables that are mostly included in
> the /etc/network/interfaces file and rather than hard coding, would it be
> possible to somehow grab these values from the system (after all, the
> interfaces have already come up by the time I do the routing .....) ?
> I profusely apologize for asking such a basic question but I have tried my
> damnedest to find this information on my own and just can't seem to get it.
> My sincerest thank you's in advance for anyone that can help me out with this.
>
> Jens
> PS.: I run Debian unstable on the latest 2.4 kernel
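
Added example (not part of the original thread or of Shorewall): a dry-run check that every mark used in tcrules is routed through a table that rt_tables actually defines, printing the ip commands from the routing script in the reply instead of executing them. The function names and the inline sample data are constructed for illustration.

```shell
#!/bin/sh
# Constructed samples mirroring the tcrules and rt_tables files quoted in the post.
SAMPLE_TCRULES='#MARK SOURCE DEST PROTO PORT(S)
1 $DMZ_NEWS 0.0.0.0/0 tcp nntp
2 $DMZ_MAILIN 0.0.0.0/0 tcp pop3'
RT_TABLES='# reserved values
255 local
254 main
253 default
0 unspec
200 dialup'
# On a real host (assumption): RT_TABLES=$(cat /etc/iproute2/rt_tables)

# marks_from_tcrules: read tcrules on stdin, print the unique numeric marks on one line.
marks_from_tcrules() {
    awk '!/^[ \t]*#/ && $1 ~ /^[0-9]+$/ && !seen[$1]++ { printf "%s%s", sep, $1; sep = " " }
         END { print "" }'
}

# table_id NAME: read rt_tables on stdin, print the id of NAME; fail if it is undefined.
table_id() {
    awk -v name="$1" '!/^[ \t]*#/ && $2 == name { print $1; found = 1; exit }
                      END { exit !found }'
}

# plan_routes TABLE GATEWAY DEV "MARKS": print the ip commands instead of running
# them, and refuse to plan anything for a table that rt_tables does not define.
plan_routes() {
    table=$1; gw=$2; dev=$3; marks=$4
    if ! printf '%s\n' "$RT_TABLES" | table_id "$table" >/dev/null; then
        echo "table '$table' is not defined in rt_tables" >&2
        return 1
    fi
    echo "/sbin/ip route add default via $gw dev $dev table $table"
    for mark in $marks; do
        echo "/sbin/ip rule add fwmark $mark table $table"
    done
}

# Dry run with the gateway, device and table name used in the post.
plan_routes dialup 10.0.5.2 eth3 "$(printf '%s\n' "$SAMPLE_TCRULES" | marks_from_tcrules)"
```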