Provided by: shorewall-common_4.0.6-1_all bug

NAME

       providers - Shorewall Providers file

SYNOPSIS

       /etc/shorewall/providers

DESCRIPTION

       This file is used to define additional routing tables. You will want to
       define an additional table if:

       · You have connections to more than one ISP or multiple connections  to
         the same ISP

       · You  run  Squid  as  a  transparent  proxy  on  a host other than the
         firewall.

       · You have other requirements for policy routing.

       Each entry in the file defines a single routing table.

       If you wish to omit a column entry but want to include an entry in  the
       next column, use "-" for the omitted entry.

       The columns in the file are as follows.

       NAMEname
              The  provider  name.  Must  be  a valid shell variable name. The
              names ’local’, ’main’, ’default’ and ’unspec’ are  reserved  and
              may not be used as provider names.

       NUMBERnumber
              The  provider number -- a number between 1 and 15. Each provider
              must be assigned a unique value.

       MARKvalue
              A    FWMARK    value    used    in    your     shorewall-tcrules
              〈shorewall-tcrules.html〉  (5)  file  to  direct  packets to this
              provider.

              If HIGH_ROUTE_MARKS=Yes in shorewall.conf  〈shorewall.conf.html〉
              (5),  then  the  value must be a multiple of 256 between 256 and
              65280 or their hexadecimal equivalents (0x0100 and  0xff00  with
              the  low-order  byte  of  the  value being zero). Otherwise, the
              value must be between 1 and 255. Each provider must be  assigned
              a unique mark value.

       DUPLICATErouting-table-name
              The  name  of  an  existing  table  to  duplicate to create this
              routing table. May be main or the name of  a  previously  listed
              provider.  You may select only certain entries from the table to
              copy by using the COPY column below.

       INTERFACEinterface
              The name of the network  interface  to  the  provider.  Must  be
              listed  in shorewall-interfaces 〈shorewall-interfaces.html〉 (5).

              Caution

              The Shorewall implementation of Multi-ISP support  assumes  that
              each provider has its own interface.

       GATEWAY - {-|address|detect}
              The IP address of the provider’s gateway router.

              You can enter "detect" here and Shorewall will attempt to detect
              the gateway automatically.

              For PPP devices, you may omit this column.

       OPTIONS (Optional) — [-|option[,option]...]
              A comma-separated list selected from the following. The order of
              the  options  is  not  significant  but  the list may contain no
              embedded whitespace.

              track  If specified, inbound connections on this  interface  are
                     to  be  tracked  so that responses may be routed back out
                     this same interface.

                     You want to specify  track  if  internet  hosts  will  be
                     connecting to local servers through this provider.

              balance[=weight]
                     The  providers  that  have  balance  specified  will  get
                     outbound traffic load-balanced among them.   By  default,
                     all  interfaces with balance specified will have the same
                     weight (1). You can change the weight of an interface  by
                     specifiying  balance=weight where weight is the weight of
                     the route out of this interface.

              loose  Shorewall normally  adds  a  routing  rule  for  each  IP
                     address on an interface which forces traffic whose source
                     is that IP address to be sent using the routing table for
                     that  interface.  Setting loose prevents creation of such
                     rules on this interface.

              optional
                     If the interface named in the INTERFACE column is not  up
                     and  configured  with  an  IPv4  address then ignore this
                     provider.

       COPY — [{none|interface[,interface]...}]
              A comma-separated list of other  interfaces  on  your  firewall.
              Wildcards specified using an asterisk ("*") are permitted (e.g.,
              tun* ). Usually used only when DUPLICATE  is  main.   Only  copy
              routes  through INTERFACE and through interfaces listed here. If
              you only wish to copy routes through INTERFACE,  enter  none  in
              this column.

EXAMPLES

       Example 1:
              You  run  squid in your DMZ on IP address 192.168.2.99. Your DMZ
              interface is eth2

                      #NAME   NUMBER  MARK DUPLICATE  INTERFACE GATEWAY       OPTIONS
                      Squid   1       1    -          eth2      192.168.2.99  -

       Example 2:
              eth0  connects  to  ISP  1.  The   IP   address   of   eth0   is
              206.124.146.176  and  the  ISP’s  gateway  router has IP address
              206.124.146.254.

              eth1 connects to ISP 2. The IP address of eth1 is  130.252.99.27
              and the ISP’s gateway router has IP address 130.252.99.254.

              eth2 connects to a local network.

                      #NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY          OPTIONS            COPY
                      ISP1  1       1    main      eth0      206.124.146.254 track,balance      eth2
                      ISP2  2       2    main      eth1      130.252.99.254  track,balance      eth2

FILES

       /etc/shorewall/providers

SEE ALSO

http://shorewall.net/MultiISP.htmlshorewall(8), shorewall-accounting(5), shorewall-actions(5), shorewall-
       blacklist(5), shorewall-hosts(5),  shorewall-interfaces(5),  shorewall-
       ipsec(5),  shorewall-maclist(5),  shorewall-masq(5),  shorewall-nat(5),
       shorewall-netmap(5),     shorewall-params(5),      shorewall-policy(5),
       shorewall-proxyarp(5),       shorewall-route_routes(5),      shorewall-
       routestopped(5),  shorewall-rules(5),   shorewall.conf(5),   shorewall-
       tcclasses(5),  shorewall-tcdevices(5), shorewall-tcrules(5), shorewall-
       tos(5), shorewall-tunnels(5), shorewall-zones(5)

                               23 November 2007         shorewall-providers(5)