Provided by: shorewall-common_4.0.6-1_all


       providers - Shorewall Providers file




       This file is used to define additional routing tables. You will want to
       define an additional table if:

       · You have connections to more than one ISP or multiple connections  to
         the same ISP

       · You  run  Squid  as  a  transparent  proxy  on  a host other than the

       · You have other requirements for policy routing.

       Each entry in the file defines a single routing table.

       If you wish to omit a column entry but want to include an entry in  the
       next column, use "-" for the omitted entry.

       The columns in the file are as follows.

       NAME
              The provider name. Must be a valid shell variable name. The
              names ’local’, ’main’, ’default’ and ’unspec’ are reserved and
              may not be used as provider names.

       NUMBER
              The provider number -- a number between 1 and 15. Each provider
              must be assigned a unique value.

       MARK
              A FWMARK value used in your shorewall-tcrules(5) file to direct
              packets to this

              If HIGH_ROUTE_MARKS=Yes in shorewall.conf(5), then the value
              must be a multiple of 256 between 256 and 65280 or their
              hexadecimal equivalents (0x0100 and 0xff00 with the low-order
              byte of the value being zero). Otherwise, the value must be
              between 1 and 255. Each provider must be assigned a unique
              mark value.

       DUPLICATE
              The name of an existing table to duplicate to create this
              routing table. May be main or the name of a previously listed
              provider. You may select only certain entries from the table to
              copy by using the COPY column below.

       INTERFACE
              The name of the network interface to the provider. Must be
              listed in shorewall-interfaces(5).


              The Shorewall implementation of Multi-ISP support  assumes  that
              each provider has its own interface.

       GATEWAY - {-|address|detect}
              The IP address of the provider’s gateway router.

              You can enter "detect" here and Shorewall will attempt to detect
              the gateway automatically.

              For PPP devices, you may omit this column.

       OPTIONS (Optional) — [-|option[,option]...]
              A comma-separated list selected from the following. The order of
              the  options  is  not  significant  but  the list may contain no
              embedded whitespace.

              track  If specified, inbound connections on this  interface  are
                     to  be  tracked  so that responses may be routed back out
                     this same interface.

                     You want to specify  track  if  internet  hosts  will  be
                     connecting to local servers through this provider.

              balance
                     The providers that have balance specified will get
                     outbound traffic load-balanced among them. By default,
                     all interfaces with balance specified will have the same
                     weight (1). You can change the weight of an interface by
                     specifying balance=weight where weight is the weight of
                     the route out of this interface.

              loose  Shorewall normally  adds  a  routing  rule  for  each  IP
                     address on an interface which forces traffic whose source
                     is that IP address to be sent using the routing table for
                     that  interface.  Setting loose prevents creation of such
                     rules on this interface.

                     If the interface named in the INTERFACE column is not  up
                     and  configured  with  an  IPv4  address then ignore this

       COPY — [{none|interface[,interface]...}]
              A comma-separated list of other  interfaces  on  your  firewall.
              Wildcards specified using an asterisk ("*") are permitted (e.g.,
              tun* ). Usually used only when DUPLICATE  is  main.   Only  copy
              routes  through INTERFACE and through interfaces listed here. If
              you only wish to copy routes through INTERFACE,  enter  none  in
              this column.


       Example 1:
              You  run  squid in your DMZ on IP address Your DMZ
              interface is eth2

                      Squid   1       1    -          eth2  -

       Example 2:
              eth0 connects to ISP 1. The IP address of eth0 is
              and the ISP’s gateway router has IP address

              eth1 connects to ISP 2. The IP address of eth1 is
              and the ISP’s gateway router has IP address

              eth2 connects to a local network.

                      #NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY          OPTIONS            COPY
                      ISP1  1       1    main      eth0 track,balance      eth2
                      ISP2  2       2    main      eth1  track,balance      eth2
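
       The NAME, NUMBER, MARK and DUPLICATE rules described above can be
       checked before a providers file is loaded. The following is an added
       example, not part of Shorewall or of the original page; the function
       names, the five-column minimum and the constructed sample rows (with
       documentation-range gateway addresses) are assumptions.

```python
import re
RESERVED = {"local", "main", "default", "unspec"}
SHELL_NAME = re.compile(r"[A-Za-z_][A-Za-z0-9_]*\Z")

def _to_int(field):
    try:
        return int(field, 0)  # decimal or 0x-prefixed hexadecimal
    except ValueError:
        return None

def _unique(seen, value, lineno, what, problems):
    if value in seen:
        problems.append((lineno, f"{what} {value} already used on line {seen[value]}"))
    seen.setdefault(value, lineno)

def check_providers(text, high_route_marks=False):
    """Return [(line_number, message)] for entries that break the rules above."""
    problems, names, numbers, marks = [], set(), {}, {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        cols = raw.split("#", 1)[0].split()
        if len(cols) < 5:  # assumption: NAME..INTERFACE are always present
            if cols:
                problems.append((lineno, "entry has fewer than five columns"))
            continue
        name, number, mark, duplicate = cols[:4]
        if not SHELL_NAME.match(name) or name in RESERVED:
            problems.append((lineno, f"invalid or reserved name {name!r}"))
        n = _to_int(number)
        if n is None or not 1 <= n <= 15:
            problems.append((lineno, f"number {number!r} is not in 1..15"))
        else:
            _unique(numbers, n, lineno, "number", problems)
        m = _to_int(mark)
        lo, hi, step = (256, 65280, 256) if high_route_marks else (1, 255, 1)
        if m is None or not lo <= m <= hi or m % step:
            problems.append((lineno, f"mark {mark!r} is out of range"))
        if m is not None:
            _unique(marks, m, lineno, "mark", problems)
        if duplicate not in ("-", "main") and duplicate not in names:
            problems.append((lineno, f"DUPLICATE {duplicate!r} is not a prior provider"))
        names.add(name)
    return problems

# Constructed sample rows; gateway addresses are placeholders, not from the page.
SAMPLE = """\
ISP1 1 1 main eth0 192.0.2.1 track,balance eth2
ISP2 2 1 ISP3 eth1 detect track,balance eth2
main 16 256 main eth3 - -
"""
```

       Pass high_route_marks=True when HIGH_ROUTE_MARKS=Yes is set in
       shorewall.conf(5), so that marks are checked against the 256 to 65280
       range instead.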



SEE ALSO
       shorewall-accounting(5), shorewall-actions(5), shorewall-blacklist(5),
       shorewall-hosts(5), shorewall-interfaces(5), shorewall-ipsec(5),
       shorewall-maclist(5), shorewall-masq(5), shorewall-nat(5),
       shorewall-netmap(5), shorewall-params(5), shorewall-policy(5),
       shorewall-proxyarp(5), shorewall-route_routes(5),
       shorewall-routestopped(5), shorewall-rules(5), shorewall.conf(5),
       shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5),
       shorewall-tos(5), shorewall-tunnels(5), shorewall-zones(5)

                               23 November 2007         shorewall-providers(5)