Provided by:
shorewall-common_4.0.12-1_all 
NAME
route_rules - Shorewall Routing Rules file
SYNOPSIS
/etc/shorewall/route_rules
DESCRIPTION
Entries in this file cause traffic to be routed to one of the providers
listed in shorewall-providers 〈shorewall-providers.html〉 (5).
The columns in the file are as follows.
SOURCE (Optional) — {-|interface|address|interface:address}
An ip address (network or host) that matches the source IP
address in a packet. May also be specified as an interface name
optionally followed by ":" and an address. If the device lo is
specified, the packet must originate from the firewall itself.
DEST (Optional) — {-|address}
An ip address (network or host) that matches the destination IP
address in a packet.
If you choose to omit either SOURCE or DEST, place "-" in that
column. Note that you may not omit both SOURCE and DEST.
PROVIDER — {provider-name|provider-number|main}
The provider to route the traffic through. May be expressed
either as the provider name or the provider number. May also be
main or 254 for the main routing table. This can be used in
combination with VPN tunnels, see example 2 below.
PRIORITY - priority
The rule’s numeric priority which determines the order in which
the rules are processed. Rules with equal priority are applied
in the order in which they appear in the file.
1000-1999
Before Shorewall-generated ’MARK’ rules
11000-11999
After ’MARK’ rules but before Shorewall-generated rules
for ISP interfaces.
26000-26999
After ISP interface rules but before ’default’ rule.
EXAMPLES
Example 1:
You want all traffic coming in on eth1 to be routed to the ISP1
provider.
#SOURCE DEST PROVIDER PRIORITY
eth1 - ISP1 1000
Example 2:
You use OpenVPN (routed setup /tunX) in combination with
multiple providers. In this case you have to set up a rule to
ensure that the OpenVPN traffic is routed back through the tunX
interface(s) rather than through any of the providers.
10.8.0.0/24 is the subnet chosen in your OpenVPN configuration
(server 10.8.0.0 255.255.255.0).
#SOURCE DEST PROVIDER PRIORITY
- 10.8.0.0/24 main 1000
FILES
/etc/shorewall/route_rules
SEE ALSO
〈http://shorewall.net/MultiISP.html〉
shorewall(8), shorewall-accounting(5), shorewall-actions(5), shorewall-
blacklist(5), shorewall-hosts(5), shorewall-interfaces(5), shorewall-
ipsec(5), shorewall-maclist(5), shorewall-masq(5), shorewall-nat(5),
shorewall-netmap(5), shorewall-params(5), shorewall-policy(5),
shorewall-providers(5), shorewall-proxyarp(5), shorewall-
routestopped(5), shorewall-rules(5), shorewall.conf(5), shorewall-
tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5), shorewall-
tos(5), shorewall-tunnels(5), shorewall-zones(5)
24 June 2008 shorewall-route_rules(5)