'\" t
.\"     Title: shorewall-rtrules
.\"    Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.75.2
.\"      Date: 06/28/2012
.\"    Manual: [FIXME: manual]
.\"    Source: [FIXME: source]
.\"  Language: English
.\"
.TH "SHOREWALL\-RTRULES" "5" "06/28/2012" "[FIXME: source]" "[FIXME: manual]"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
rtrules \- Shorewall Routing Rules file
.SH "SYNOPSIS"
.HP \w'\fB/etc/shorewall/rtrules\fR\ 'u
\fB/etc/shorewall/rtrules\fR
.SH "DESCRIPTION"
.PP
Entries in this file cause traffic to be routed to one of the providers listed in \m[blue]\fBshorewall\-providers\fR\m[]\&\s-2\u[1]\d\s+2(5)\&.
.PP
The columns in the file are as follows\&.
.PP
\fBSOURCE\fR (Optional) \- {\fB\-\fR|[&]\fIinterface\fR|\fIaddress\fR|\fIinterface\fR:\fIaddress\fR}
.RS 4
An IP \fIaddress\fR (network or host) that matches the source IP address in a packet\&. May also be specified as an \fIinterface\fR name optionally followed by ":" and an address\&. If the device \fBlo\fR is specified, the packet must originate from the firewall itself\&.
.sp
Beginning with Shorewall 4\&.5\&.0, you may specify &\fIinterface\fR in this column to indicate that the source is the primary IP address of the named interface\&.
.RE
.PP
\fBDEST\fR (Optional) \- {\fB\-\fR|\fIaddress\fR}
.RS 4
An IP address (network or host) that matches the destination IP address in a packet\&.
.sp
If you choose to omit either \fBSOURCE\fR or \fBDEST\fR, place "\-" in that column\&. Note that you may not omit both \fBSOURCE\fR and \fBDEST\fR\&.
.RE
.PP
\fBPROVIDER\fR \- {\fIprovider\-name\fR|\fIprovider\-number\fR|\fBmain\fR}
.RS 4
The provider to route the traffic through\&. May be expressed either as the provider name or the provider number\&. May also be \fBmain\fR or 254 for the main routing table\&. This can be used in combination with VPN tunnels; see Example 2 below\&.
.RE
.PP
\fBPRIORITY\fR \- \fIpriority\fR
.RS 4
The rule\*(Aqs numeric \fIpriority\fR, which determines the order in which the rules are processed\&. Rules with equal priority are applied in the order in which they appear in the file\&.
.PP
1000\-1999
.RS 4
Before Shorewall\-generated \*(AqMARK\*(Aq rules\&.
.RE
.PP
11000\-11999
.RS 4
After \*(AqMARK\*(Aq rules but before Shorewall\-generated rules for ISP interfaces\&.
.RE
.PP
26000\-26999
.RS 4
After ISP interface rules but before the \*(Aqdefault\*(Aq rule\&.
.RE
.RE
.PP
\fBMARK \- {\-|\fR\fB\fImark\fR\fR\fB[/\fR\fB\fImask\fR\fR\fB]}\fR
.RS 4
Optional \-\- added in Shorewall 4\&.4\&.25\&. For this rule to be applied to a packet, the packet\*(Aqs mark value must match the \fImark\fR when logically ANDed with the \fImask\fR\&. If a \fImask\fR is not supplied, Shorewall supplies a suitable provider mask\&.
.RE
.SH "EXAMPLES"
.PP
Example 1:
.RS 4
You want all traffic coming in on eth1 to be routed to the ISP1 provider\&.
.sp
.if n \{\
.RS 4
.\}
.nf
#SOURCE                 DEST            PROVIDER        PRIORITY        MARK
eth1                    \-               ISP1            1000
.fi
.if n \{\
.RE
.\}
.RE
.PP
Example 2:
.RS 4
You use OpenVPN (routed setup /tunX) in combination with multiple providers\&.
In this case you have to set up a rule to ensure that the OpenVPN traffic is routed back through the tunX interface(s) rather than through any of the providers\&. 10\&.8\&.0\&.0/24 is the subnet chosen in your OpenVPN configuration (server 10\&.8\&.0\&.0 255\&.255\&.255\&.0)\&.
.sp
.if n \{\
.RS 4
.\}
.nf
#SOURCE                 DEST                    PROVIDER        PRIORITY        MARK
\-                       10\&.8\&.0\&.0/24             main            1000
.fi
.if n \{\
.RE
.\}
.RE
.SH "FILES"
.PP
/etc/shorewall/rtrules
.SH "SEE ALSO"
.PP
\m[blue]\fBhttp://shorewall\&.net/MultiISP\&.html\fR\m[]
.PP
\m[blue]\fBhttp://shorewall\&.net/configuration_file_basics\&.htm#Pairs\fR\m[]
.PP
shorewall(8), shorewall\-accounting(5), shorewall\-actions(5), shorewall\-blacklist(5), shorewall\-hosts(5), shorewall\-interfaces(5), shorewall\-ipsets(5), shorewall\-maclist(5), shorewall\-masq(5), shorewall\-nat(5), shorewall\-netmap(5), shorewall\-params(5), shorewall\-policy(5), shorewall\-providers(5), shorewall\-proxyarp(5), shorewall\-routestopped(5), shorewall\-rules(5), shorewall\&.conf(5), shorewall\-secmarks(5), shorewall\-tcclasses(5), shorewall\-tcdevices(5), shorewall\-tcrules(5), shorewall\-tos(5), shorewall\-tunnels(5), shorewall\-zones(5)
.SH "NOTES"
.IP " 1." 4
shorewall-providers
.RS 4
\%http://www.shorewall.net/manpages/shorewall-providers.html
.RE
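.PP
Added example, not part of Shorewall or of the original manual page: a Python lint for the column rules under DESCRIPTION that rejects entries omitting both SOURCE and DEST, labels each PRIORITY with the range it falls in, and returns the rules in processing order\&. Assumptions: IPv4 addresses only, marks written as decimal or 0x hex numbers, and the names parse, band, is_ipv4 and SAMPLE are illustrative\&.

```python
import ipaddress
import re
# Priority ranges as listed under PRIORITY on this page.
BANDS = [(1000, 1999, "before MARK rules"),
         (11000, 11999, "after MARK rules, before ISP interface rules"),
         (26000, 26999, "after ISP interface rules, before default rule")]
MARK_RE = re.compile(r"^(0x[0-9a-fA-F]+|\d+)(/(0x[0-9a-fA-F]+|\d+))?$")  # assumed syntax
# Constructed sample based on the page's two examples, plus one invalid entry.
SAMPLE = """\
#SOURCE  DEST         PROVIDER  PRIORITY  MARK
eth1     -            ISP1      11000
-        10.8.0.0/24  main      1000
eth2     -            ISP2      1000
-        -            ISP1      1000
"""

def is_ipv4(text):
    try:
        ipaddress.IPv4Network(text, strict=False)
        return True
    except ValueError:
        return False

def band(priority):
    return next((d for lo, hi, d in BANDS if lo <= priority <= hi), "outside listed ranges")

def parse(text):
    """Return (valid rules in processing order, [(line_no, problem), ...]).
    sorted() is stable, so equal priorities keep file order, as the page specifies."""
    rules, problems = [], []
    for n, raw in enumerate(text.splitlines(), 1):
        cols = raw.split("#", 1)[0].split()
        if not cols:
            continue  # blank line or comment
        cols += ["-"] * (5 - len(cols))  # MARK is optional; pad short lines
        errs = ["too many columns"] if len(cols) > 5 else []
        source, dest, provider, priority, mark = cols[:5]
        if source == "-" and dest == "-":
            errs.append("SOURCE and DEST are both omitted")
        if ":" in source and not is_ipv4(source.split(":", 1)[1]):
            errs.append("bad address in SOURCE")
        if dest != "-" and not is_ipv4(dest):
            errs.append("DEST is not an address")
        if mark != "-" and not MARK_RE.match(mark):
            errs.append("bad MARK")
        if provider == "-" or not priority.isdigit():
            errs.append("PROVIDER and numeric PRIORITY are required")
        problems += [(n, e) for e in errs]
        if not errs:
            rules.append(dict(line=n, source=source, dest=dest, provider=provider,
                              priority=int(priority), band=band(int(priority)), mark=mark))
    return sorted(rules, key=lambda r: r["priority"]), problems
```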