Ubuntu Manpage: providers - Shorewall Providers file

Provided by: shorewall-common_4.0.6-1_all

NAME

       providers - Shorewall Providers file

SYNOPSIS

       /etc/shorewall/providers

DESCRIPTION

This file is used to define additional routing tables. You will want to
define an additional table if:

· You have connections to more than one ISP or multiple connections to
the same ISP

· You run Squid as a transparent proxy on a host other than the
firewall.

· You have other requirements for policy routing.

Each entry in the file defines a single routing table.

If you wish to omit a column entry but want to include an entry in the
next column, use "-" for the omitted entry.

The columns in the file are as follows.

NAME — name
The provider name. Must be a valid shell variable name. The
names ’local’, ’main’, ’default’ and ’unspec’ are reserved and
may not be used as provider names.

NUMBER — number
The provider number -- a number between 1 and 15. Each provider
must be assigned a unique value.

MARK — value
A FWMARK value used in your shorewall-tcrules
〈shorewall-tcrules.html〉 (5) file to direct packets to this
provider.

If HIGH_ROUTE_MARKS=Yes in shorewall.conf 〈shorewall.conf.html〉
(5), then the value must be a multiple of 256 between 256 and
65280 or their hexadecimal equivalents (0x0100 and 0xff00 with
the low-order byte of the value being zero). Otherwise, the
value must be between 1 and 255. Each provider must be assigned
a unique mark value.

DUPLICATE — routing-table-name
The name of an existing table to duplicate to create this
routing table. May be main or the name of a previously listed
provider. You may select only certain entries from the table to
copy by using the COPY column below.

INTERFACE — interface
The name of the network interface to the provider. Must be
listed in shorewall-interfaces 〈shorewall-interfaces.html〉 (5).

Caution

The Shorewall implementation of Multi-ISP support assumes that
each provider has its own interface.

GATEWAY - {-|address|detect}
The IP address of the provider’s gateway router.

You can enter "detect" here and Shorewall will attempt to detect
the gateway automatically.

For PPP devices, you may omit this column.

OPTIONS (Optional) — [-|option[,option]...]
A comma-separated list selected from the following. The order of
the options is not significant but the list may contain no
embedded whitespace.

track If specified, inbound connections on this interface are
to be tracked so that responses may be routed back out
this same interface.

You want to specify track if internet hosts will be
connecting to local servers through this provider.

balance[=weight]
The providers that have balance specified will get
outbound traffic load-balanced among them. By default,
all interfaces with balance specified will have the same
weight (1). You can change the weight of an interface by
specifiying balance=weight where weight is the weight of
the route out of this interface.

loose Shorewall normally adds a routing rule for each IP
address on an interface which forces traffic whose source
is that IP address to be sent using the routing table for
that interface. Setting loose prevents creation of such
rules on this interface.

optional
If the interface named in the INTERFACE column is not up
and configured with an IPv4 address then ignore this
provider.

COPY — [{none|interface[,interface]...}]
A comma-separated list of other interfaces on your firewall.
Wildcards specified using an asterisk ("*") are permitted (e.g.,
tun* ). Usually used only when DUPLICATE is main. Only copy
routes through INTERFACE and through interfaces listed here. If
you only wish to copy routes through INTERFACE, enter none in
this column.

EXAMPLES

       Example 1:
              You  run  squid in your DMZ on IP address 192.168.2.99. Your DMZ
              interface is eth2

                      #NAME   NUMBER  MARK DUPLICATE  INTERFACE GATEWAY       OPTIONS
                      Squid   1       1    -          eth2      192.168.2.99  -

       Example 2:
              eth0  connects  to  ISP  1.  The   IP   address   of   eth0   is
              206.124.146.176  and  the  ISP’s  gateway  router has IP address
              206.124.146.254.

              eth1 connects to ISP 2. The IP address of eth1 is  130.252.99.27
              and the ISP’s gateway router has IP address 130.252.99.254.

              eth2 connects to a local network.

                      #NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY          OPTIONS            COPY
                      ISP1  1       1    main      eth0      206.124.146.254 track,balance      eth2
                      ISP2  2       2    main      eth1      130.252.99.254  track,balance      eth2

FILES

       /etc/shorewall/providers

Ubuntu manuals

NAME

SYNOPSIS

DESCRIPTION

EXAMPLES

FILES

SEE ALSO