shorewall-doc-4.0.15-0.2mdvmes5.noarch.rpm

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>shorewall-providers</title><link rel="stylesheet" href="html.css" type="text/css" /><meta name="generator" content="DocBook XSL Stylesheets V1.73.2" /></head><body><div class="refentry" lang="en" xml:lang="en"><a id="id257171"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>providers — Shorewall Providers file</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">/etc/shorewall/providers</code> </p></div></div><div class="refsect1" lang="en" xml:lang="en"><a id="id257202"></a><h2>Description</h2><p>This file is used to define additional routing tables. You will want
    to define an additional table if:</p><div class="itemizedlist"><ul type="disc"><li><p>You have connections to more than one ISP or multiple
        connections to the same ISP</p></li><li><p>You run Squid as a transparent proxy on a host other than the
        firewall.</p></li><li><p>You have other requirements for policy routing.</p></li></ul></div><p>Each entry in the file defines a single routing table.</p><p>If you wish to omit a column entry but want to include an entry in
    the next column, use "-" for the omitted entry.</p><p>The columns in the file are as follows.</p><div class="variablelist"><dl><dt><span class="term"><span class="bold"><strong>NAME</strong></span> -
        <span class="emphasis"><em>name</em></span></span></dt><dd><p>The provider <span class="emphasis"><em>name</em></span>. Must be a valid shell
          variable name. The names 'local', 'main', 'default' and 'unspec' are
          reserved and may not be used as provider names.</p></dd><dt><span class="term"><span class="bold"><strong>NUMBER</strong></span> -
        <span class="emphasis"><em>number</em></span></span></dt><dd><p>The provider number -- a number between 1 and 15. Each
          provider must be assigned a unique value.</p></dd><dt><span class="term"><span class="bold"><strong>MARK</strong></span> -
        <span class="emphasis"><em>value</em></span></span></dt><dd><p>A FWMARK <span class="emphasis"><em>value</em></span> used in your <a class="ulink" href="shorewall-tcrules.html" target="_self">shorewall-tcrules</a>(5) file to
          direct packets to this provider.</p><p>If HIGH_ROUTE_MARKS=Yes in <a class="ulink" href="shorewall.conf.html" target="_self">shorewall.conf</a>(5), then the value
          must be a multiple of 256 between 256 and 65280 or their hexadecimal
          equivalents (0x0100 and 0xff00 with the low-order byte of the value
          being zero). Otherwise, the value must be between 1 and 255. Each
          provider must be assigned a unique mark value.</p></dd><dt><span class="term"><span class="bold"><strong>DUPLICATE</strong></span> -
        <span class="emphasis"><em>routing-table-name</em></span></span></dt><dd><p>The name of an existing table to duplicate to create this
          routing table. May be <code class="option">main</code> or the name of a
          previously listed provider. You may select only certain entries from
          the table to copy by using the COPY column below.</p></dd><dt><span class="term"><span class="bold"><strong>INTERFACE</strong></span> -
        <span class="emphasis"><em>interface</em></span></span></dt><dd><p>The name of the network interface to the provider. Must be
          listed in <a class="ulink" href="shorewall-interfaces.html" target="_self">shorewall-interfaces</a>(5).</p></dd><dt><span class="term"><span class="bold"><strong>GATEWAY</strong></span> - {<span class="bold"><strong>-</strong></span>|<span class="emphasis"><em>address</em></span>|<span class="bold"><strong>detect</strong></span>}</span></dt><dd><p>The IP address of the provider's gateway router.</p><p>You can enter "detect" here and Shorewall will attempt to
          detect the gateway automatically.</p><p>For PPP devices, you may omit this column.</p></dd><dt><span class="term"><span class="bold"><strong>OPTIONS</strong></span> (Optional) - [<span class="bold"><strong>-</strong></span>|<span class="emphasis"><em>option</em></span>[<span class="bold"><strong>,</strong></span><span class="emphasis"><em>option</em></span>]...]</span></dt><dd><p>A comma-separated list selected from the following. The order
          of the options is not significant but the list may contain no
          embedded whitespace.</p><div class="variablelist"><dl><dt><span class="term"><span class="bold"><strong>track</strong></span></span></dt><dd><p>If specified, inbound connections on this interface are
                to be tracked so that responses may be routed back out this
                same interface.</p><p>You want to specify <code class="option">track</code> if internet
                hosts will be connecting to local servers through this
                provider.</p></dd><dt><span class="term"><span class="bold"><strong>balance[=<em class="replaceable"><code>weight</code></em>]</strong></span></span></dt><dd><p>The providers that have <code class="option">balance</code>
                specified will get outbound traffic load-balanced among them.
                By default, all interfaces with <code class="option">balance</code>
                specified will have the same weight (1). You can change the
                weight of an interface by specifying
                <code class="option">balance=</code><em class="replaceable"><code>weight</code></em>
                where <em class="replaceable"><code>weight</code></em> is the weight of the
                route out of this interface.</p></dd><dt><span class="term"><span class="bold"><strong>loose</strong></span></span></dt><dd><p>Shorewall normally adds a routing rule for each IP
                address on an interface which forces traffic whose source is
                that IP address to be sent using the routing table for that
                interface. Setting <code class="option">loose</code> prevents creation of
                such rules on this interface.</p></dd><dt><span class="term"><span class="bold"><strong>optional</strong></span></span></dt><dd><p>If the interface named in the INTERFACE column is not up
                and configured with an IPv4 address then ignore this
                provider.</p></dd></dl></div></dd><dt><span class="term"><span class="bold"><strong>COPY</strong></span> -
        [{<code class="option">none</code>|<span class="emphasis"><em>interface</em></span><span class="bold"><strong>[,</strong></span><span class="emphasis"><em>interface</em></span>]...}]</span></dt><dd><p>A comma-separated list of other interfaces on your firewall.
          Wildcards specified using an asterisk ("*") are permitted (e.g.,
          tun* ). Usually used only when DUPLICATE is <code class="option">main</code>.
          Only copy routes through INTERFACE and through interfaces listed
          here. If you only wish to copy routes through INTERFACE, enter
          <code class="option">none</code> in this column.</p></dd></dl></div></div><div class="refsect1" lang="en" xml:lang="en"><a id="id257783"></a><h2>Examples</h2><div class="variablelist"><dl><dt><span class="term">Example 1:</span></dt><dd><p>You run squid in your DMZ on IP address 192.168.2.99. Your DMZ
          interface is eth2.</p><pre class="programlisting">        #NAME   NUMBER  MARK DUPLICATE  INTERFACE GATEWAY       OPTIONS
        Squid   1       1    -          eth2      192.168.2.99  -</pre></dd><dt><span class="term">Example 2:</span></dt><dd><p>eth0 connects to ISP 1. The IP address of eth0 is
          206.124.146.176 and the ISP's gateway router has IP address
          206.124.146.254.</p><p>eth1 connects to ISP 2. The IP address of eth1 is
          130.252.99.27 and the ISP's gateway router has IP address
          130.252.99.254.</p><p>eth2 connects to a local network.</p><pre class="programlisting">        #NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY          OPTIONS            COPY
        ISP1  1       1    main      eth0      206.124.146.254 track,balance      eth2
        ISP2  2       2    main      eth1      130.252.99.254  track,balance      eth2</pre></dd></dl></div></div><div class="refsect1" lang="en" xml:lang="en"><a id="id257838"></a><h2>Files</h2><p>/etc/shorewall/providers</p></div><div class="refsect1" lang="en" xml:lang="en"><a id="id257848"></a><h2>See Also</h2><p><a class="ulink" href="http://shorewall.net/MultiISP.html" target="_self">http://shorewall.net/MultiISP.html</a></p><p>shorewall(8), shorewall-accounting(5), shorewall-actions(5),
    shorewall-blacklist(5), shorewall-hosts(5), shorewall-interfaces(5),
    shorewall-ipsec(5), shorewall-maclist(5), shorewall-masq(5),
    shorewall-nat(5), shorewall-netmap(5), shorewall-params(5),
    shorewall-policy(5), shorewall-proxyarp(5), shorewall-route_rules(5),
    shorewall-routestopped(5), shorewall-rules(5), shorewall.conf(5),
    shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5),
    shorewall-tos(5), shorewall-tunnels(5), shorewall-zones(5)</p></div></div></body></html>
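
The column rules above (reserved names, NUMBER between 1 and 15, the MARK range that depends on HIGH_ROUTE_MARKS, DUPLICATE naming only main or an earlier provider, the four OPTIONS) can be checked before a providers file is deployed. The following linter is an added example, not part of the Shorewall documentation or code; the function names are hypothetical, and it assumes that "#" starts a comment and that a balance weight is an integer.

```python
import ipaddress
import re

RESERVED = {"local", "main", "default", "unspec"}
NAME_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")   # valid shell variable name
OPTION_RE = re.compile(r"track|loose|optional|balance(=\d+)?")  # integer weight assumed

# Example 2 from the page, and a constructed file that breaks several rules.
GOOD = """\
#NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY         OPTIONS       COPY
ISP1  1      1    main      eth0      206.124.146.254 track,balance eth2
ISP2  2      2    main      eth1      130.252.99.254  track,balance eth2
"""
BAD = """\
main  1      1    -         eth0      detect          track
ISP2  16     1    ISP3      eth1      130.252.99.254  track,balanced
"""

def _num(field):
    try:
        return int(field, 0)                      # decimal or 0x.. hexadecimal
    except ValueError:
        return 0                                  # "-" or junk: fails every range check

def check_providers(text, high_route_marks=False):
    """Return (line_no, message) pairs for entries that break the documented rules."""
    errors, names, numbers, marks = [], set(), set(), set()
    for no, raw in enumerate(text.splitlines(), 1):
        cols = raw.split("#", 1)[0].split()
        if not cols:
            continue                              # blank or comment-only line
        cols += ["-"] * (8 - len(cols))           # omitted trailing columns
        name, number, mark, dup, _iface, gw, opts, _copy = cols[:8]
        num, mk = _num(number), _num(mark)
        mark_ok = (mk % 256 == 0 and 256 <= mk <= 65280) if high_route_marks else 1 <= mk <= 255
        checks = [
            (NAME_RE.fullmatch(name) and name not in RESERVED, f"NAME {name!r} invalid or reserved"),
            (1 <= num <= 15 and num not in numbers, f"NUMBER {number!r} not unique in 1..15"),
            (mark_ok and mk not in marks, f"MARK {mark!r} out of range or reused"),
            (dup in ("-", "main") or dup in names, f"DUPLICATE {dup!r} not listed earlier"),
        ]
        if gw not in ("-", "detect"):
            try:
                ipaddress.ip_address(gw)
            except ValueError:
                checks.append((False, f"GATEWAY {gw!r} is not an IP address"))
        if opts != "-":
            checks += [(OPTION_RE.fullmatch(o), f"unknown option {o!r}") for o in opts.split(",")]
        errors += [(no, msg) for ok, msg in checks if not ok]
        names.add(name); numbers.add(num); marks.add(mk)
    return errors
```

Whitespace inside the OPTIONS list shifts the remaining words into the COPY column, so "track, balance" is reported as an empty, unknown option. INTERFACE and COPY are not checked because that requires the interfaces file.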