Provided by: shorewall-common_4.0.12-1_all bug

NAME

       providers - Shorewall Providers file

SYNOPSIS

       /etc/shorewall/providers

DESCRIPTION

       This file is used to define additional routing tables. You will want to
       define an additional table if:

       · You have connections to more than one ISP or multiple connections  to
         the same ISP

       · You  run  Squid  as  a  transparent  proxy  on  a host other than the
         firewall.

       · You have other requirements for policy routing.

       Each entry in the file defines a single routing table.

       If you wish to omit a column entry but want to include an entry in  the
       next column, use "-" for the omitted entry.

       The columns in the file are as follows.

       NAMEname
              The  provider  name.  Must  be  a valid shell variable name. The
              names ’local’, ’main’, ’default’ and ’unspec’ are  reserved  and
              may not be used as provider names.

       NUMBERnumber
              The  provider number -- a number between 1 and 15. Each provider
              must be assigned a unique value.

       MARKvalue
              A    FWMARK    value    used    in    your     shorewall-tcrules
              〈shorewall-tcrules.html〉  (5)  file  to  direct  packets to this
              provider.

              If HIGH_ROUTE_MARKS=Yes in shorewall.conf  〈shorewall.conf.html〉
              (5),  then  the  value must be a multiple of 256 between 256 and
              65280 or their hexadecimal equivalents (0x0100 and  0xff00  with
              the  low-order  byte  of  the  value being zero). Otherwise, the
              value must be between 1 and 255. Each provider must be  assigned
              a unique mark value.

       DUPLICATErouting-table-name
              The  name  of  an  existing  table  to  duplicate to create this
              routing table. May be main or the name of  a  previously  listed
              provider.  You may select only certain entries from the table to
              copy by using the COPY column below.

       INTERFACEinterface
              The name of the network  interface  to  the  provider.  Must  be
              listed  in shorewall-interfaces 〈shorewall-interfaces.html〉 (5).

       GATEWAY - {-|address|detect}
              The IP address of the provider’s gateway router.

              You can enter "detect" here and Shorewall will attempt to detect
              the gateway automatically.

              For PPP devices, you may omit this column.

       OPTIONS (Optional) — [-|option[,option]...]
              A comma-separated list selected from the following. The order of
              the options is not significant  but  the  list  may  contain  no
              embedded whitespace.

              track  If  specified,  inbound connections on this interface are
                     to be tracked so that responses may be  routed  back  out
                     this same interface.

                     You  want  to  specify  track  if  internet hosts will be
                     connecting to local servers through this provider.

              balance[=weight]
                     The  providers  that  have  balance  specified  will  get
                     outbound  traffic  load-balanced among them.  By default,
                     all interfaces with balance specified will have the  same
                     weight  (1). You can change the weight of an interface by
                     specifiying balance=weight where weight is the weight  of
                     the route out of this interface.

              loose  Shorewall  normally  adds  a  routing  rule  for  each IP
                     address on an interface which forces traffic whose source
                     is that IP address to be sent using the routing table for
                     that interface. Setting loose prevents creation  of  such
                     rules on this interface.

              optional
                     If  the interface named in the INTERFACE column is not up
                     and configured with an  IPv4  address  then  ignore  this
                     provider.

       COPY — [{none|interface[,interface]...}]
              A  comma-separated  list  of  other interfaces on your firewall.
              Wildcards specified using an asterisk ("*") are permitted (e.g.,
              tun*  ).  Usually  used  only when DUPLICATE is main.  Only copy
              routes through INTERFACE and through interfaces listed here.  If
              you  only  wish  to copy routes through INTERFACE, enter none in
              this column.

EXAMPLES

       Example 1:
              You run squid in your DMZ on IP address 192.168.2.99.  Your  DMZ
              interface is eth2

                      #NAME   NUMBER  MARK DUPLICATE  INTERFACE GATEWAY       OPTIONS
                      Squid   1       1    -          eth2      192.168.2.99  -

       Example 2:
              eth0   connects   to   ISP   1.   The  IP  address  of  eth0  is
              206.124.146.176 and the ISP’s  gateway  router  has  IP  address
              206.124.146.254.

              eth1  connects to ISP 2. The IP address of eth1 is 130.252.99.27
              and the ISP’s gateway router has IP address 130.252.99.254.

              eth2 connects to a local network.

                      #NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY          OPTIONS            COPY
                      ISP1  1       1    main      eth0      206.124.146.254 track,balance      eth2
                      ISP2  2       2    main      eth1      130.252.99.254  track,balance      eth2

FILES

       /etc/shorewall/providers

SEE ALSO

http://shorewall.net/MultiISP.htmlshorewall(8), shorewall-accounting(5), shorewall-actions(5), shorewall-
       blacklist(5),  shorewall-hosts(5),  shorewall-interfaces(5), shorewall-
       ipsec(5),  shorewall-maclist(5),  shorewall-masq(5),  shorewall-nat(5),
       shorewall-netmap(5),      shorewall-params(5),     shorewall-policy(5),
       shorewall-proxyarp(5),      shorewall-route_routes(5),       shorewall-
       routestopped(5),   shorewall-rules(5),   shorewall.conf(5),  shorewall-
       tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5),  shorewall-
       tos(5), shorewall-tunnels(5), shorewall-zones(5)

                                 24 June 2008           shorewall-providers(5)