Provided by: shorewall-common_4.0.15-1_all bug

NAME

       route_rules - Shorewall Routing Rules file

SYNOPSIS

       /etc/shorewall/route_rules

DESCRIPTION

       Entries in this file cause traffic to be routed to one of the providers
       listed in shorewall-providers[1](5).

       The columns in the file are as follows.

       SOURCE (Optional) - {-|interface|address|interface:address}
           An ip address (network or host) that matches the source IP address
           in a packet. May also be specified as an interface name optionally
           followed by ":" and an address. If the device lo is specified, the
           packet must originate from the firewall itself.

       DEST (Optional) - {-|address}
           An ip address (network or host) that matches the destination IP
           address in a packet.

           If you choose to omit either SOURCE or DEST, place "-" in that
           column. Note that you may not omit both SOURCE and DEST.

       PROVIDER - {provider-name|provider-number|main}
           The provider to route the traffic through. May be expressed either
           as the provider name or the provider number. May also be main or
           254 for the main routing table. This can be used in combination
           with VPN tunnels, see example 2 below.

       PRIORITY - priority
           The rule´s numeric priority which determines the order in which the
           rules are processed. Rules with equal priority are applied in the
           order in which they appear in the file.

           1000-1999
               Before Shorewall-generated ´MARK´ rules

           11000-11999
               After ´MARK´ rules but before Shorewall-generated rules for ISP
               interfaces.

           26000-26999
               After ISP interface rules but before ´default´ rule.

EXAMPLES

       Example 1:
           You want all traffic coming in on eth1 to be routed to the ISP1
           provider.

                       #SOURCE                 DEST            PROVIDER        PRIORITY
                       eth1                    -               ISP1            1000

       Example 2:
           You use OpenVPN (routed setup /tunX) in combination with multiple
           providers. In this case you have to set up a rule to ensure that
           the OpenVPN traffic is routed back through the tunX interface(s)
           rather than through any of the providers. 10.8.0.0/24 is the subnet
           chosen in your OpenVPN configuration (server 10.8.0.0
           255.255.255.0).

                        #SOURCE                 DEST            PROVIDER        PRIORITY
                        -                       10.8.0.0/24     main            1000

FILES

       /etc/shorewall/route_rules

SEE ALSO

       http://shorewall.net/MultiISP.html

       shorewall(8), shorewall-accounting(5), shorewall-actions(5),
       shorewall-blacklist(5), shorewall-hosts(5), shorewall-interfaces(5),
       shorewall-ipsec(5), shorewall-maclist(5), shorewall-masq(5),
       shorewall-nat(5), shorewall-netmap(5), shorewall-params(5),
       shorewall-policy(5), shorewall-providers(5), shorewall-proxyarp(5),
       shorewall-routestopped(5), shorewall-rules(5), shorewall.conf(5),
       shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5),
       shorewall-tos(5), shorewall-tunnels(5), shorewall-zones(5)

NOTES

        1. shorewall-providers
           shorewall-providers.html

                                  12/15/2008            SHOREWALL-ROUTE_RUL(5)