<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>shorewall-providers</title><link rel="stylesheet" href="html.css" type="text/css" /><meta name="generator" content="DocBook XSL Stylesheets V1.73.2" /></head><body><div class="refentry" lang="en" xml:lang="en"><a id="id257171"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>providers — Shorewall Providers file</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">/etc/shorewall/providers</code> </p></div></div><div class="refsect1" lang="en" xml:lang="en"><a id="id257202"></a><h2>Description</h2><p>This file is used to define additional routing tables. You will want to define an additional table if:</p><div class="itemizedlist"><ul type="disc"><li><p>You have connections to more than one ISP or multiple connections to the same ISP</p></li><li><p>You run Squid as a transparent proxy on a host other than the firewall.</p></li><li><p>You have other requirements for policy routing.</p></li></ul></div><p>Each entry in the file defines a single routing table.</p><p>If you wish to omit a column entry but want to include an entry in the next column, use "-" for the omitted entry.</p><p>The columns in the file are as follows.</p><div class="variablelist"><dl><dt><span class="term"><span class="bold"><strong>NAME</strong></span> - <span class="emphasis"><em>name</em></span></span></dt><dd><p>The provider <span class="emphasis"><em>name</em></span>. Must be a valid shell variable name. 
The names 'local', 'main', 'default' and 'unspec' are reserved and may not be used as provider names.</p></dd><dt><span class="term"><span class="bold"><strong>NUMBER</strong></span> - <span class="emphasis"><em>number</em></span></span></dt><dd><p>The provider number -- a number between 1 and 15. Each provider must be assigned a unique value.</p></dd><dt><span class="term"><span class="bold"><strong>MARK</strong></span> - <span class="emphasis"><em>value</em></span></span></dt><dd><p>A FWMARK <span class="emphasis"><em>value</em></span> used in your <a class="ulink" href="shorewall-tcrules.html" target="_self">shorewall-tcrules</a>(5) file to direct packets to this provider.</p><p>If HIGH_ROUTE_MARKS=Yes in <a class="ulink" href="shorewall.conf.html" target="_self">shorewall.conf</a>(5), then the value must be a multiple of 256 between 256 and 65280 or their hexadecimal equivalents (0x0100 and 0xff00 with the low-order byte of the value being zero). Otherwise, the value must be between 1 and 255. Each provider must be assigned a unique mark value.</p></dd><dt><span class="term"><span class="bold"><strong>DUPLICATE</strong></span> - <span class="emphasis"><em>routing-table-name</em></span></span></dt><dd><p>The name of an existing table to duplicate to create this routing table. May be <code class="option">main</code> or the name of a previously listed provider. You may select only certain entries from the table to copy by using the COPY column below.</p></dd><dt><span class="term"><span class="bold"><strong>INTERFACE</strong></span> - <span class="emphasis"><em>interface</em></span></span></dt><dd><p>The name of the network interface to the provider. 
Must be listed in <a class="ulink" href="shorewall-interfaces.html" target="_self">shorewall-interfaces</a>(5).</p></dd><dt><span class="term"><span class="bold"><strong>GATEWAY</strong></span> - {<span class="bold"><strong>-</strong></span>|<span class="emphasis"><em>address</em></span>|<span class="bold"><strong>detect</strong></span>}</span></dt><dd><p>The IP address of the provider's gateway router.</p><p>You can enter "detect" here and Shorewall will attempt to detect the gateway automatically.</p><p>For PPP devices, you may omit this column.</p></dd><dt><span class="term"><span class="bold"><strong>OPTIONS</strong></span> (Optional) - [<span class="bold"><strong>-</strong></span>|<span class="emphasis"><em>option</em></span>[<span class="bold"><strong>,</strong></span><span class="emphasis"><em>option</em></span>]...]</span></dt><dd><p>A comma-separated list selected from the following. The order of the options is not significant but the list may contain no embedded whitespace.</p><div class="variablelist"><dl><dt><span class="term"><span class="bold"><strong>track</strong></span></span></dt><dd><p>If specified, inbound connections on this interface are to be tracked so that responses may be routed back out this same interface.</p><p>You want to specify <code class="option">track</code> if internet hosts will be connecting to local servers through this provider.</p></dd><dt><span class="term"><span class="bold"><strong>balance[=<em class="replaceable"><code>weight</code></em>]</strong></span></span></dt><dd><p>The providers that have <code class="option">balance</code> specified will get outbound traffic load-balanced among them. By default, all interfaces with <code class="option">balance</code> specified will have the same weight (1). 
You can change the weight of an interface by specifying <code class="option">balance=</code><em class="replaceable"><code>weight</code></em> where <em class="replaceable"><code>weight</code></em> is the weight of the route out of this interface.</p></dd><dt><span class="term"><span class="bold"><strong>loose</strong></span></span></dt><dd><p>Shorewall normally adds a routing rule for each IP address on an interface which forces traffic whose source is that IP address to be sent using the routing table for that interface. Setting <code class="option">loose</code> prevents creation of such rules on this interface.</p></dd><dt><span class="term"><span class="bold"><strong>optional</strong></span></span></dt><dd><p>If the interface named in the INTERFACE column is not up and configured with an IPv4 address then ignore this provider.</p></dd></dl></div></dd><dt><span class="term"><span class="bold"><strong>COPY</strong></span> - [{<code class="option">none</code>|<span class="emphasis"><em>interface</em></span><span class="bold"><strong>[,</strong></span><span class="emphasis"><em>interface</em></span>]...}]</span></dt><dd><p>A comma-separated list of other interfaces on your firewall. Wildcards specified using an asterisk ("*") are permitted (e.g., tun*). Usually used only when DUPLICATE is <code class="option">main</code>. Only routes through INTERFACE and through the interfaces listed here are copied. If you only wish to copy routes through INTERFACE, enter <code class="option">none</code> in this column.</p></dd></dl></div></div><div class="refsect1" lang="en" xml:lang="en"><a id="id257783"></a><h2>Examples</h2><div class="variablelist"><dl><dt><span class="term">Example 1:</span></dt><dd><p>You run Squid in your DMZ on IP address 192.168.2.99. Your DMZ interface is eth2.</p><pre class="programlisting">#NAME   NUMBER  MARK    DUPLICATE       INTERFACE       GATEWAY         OPTIONS
Squid   1       1       -               eth2            192.168.2.99    -</pre></dd><dt><span class="term">Example 2:</span></dt><dd><p>eth0 connects to ISP 1.
The IP address of eth0 is 206.124.146.176 and the ISP's gateway router has IP address 206.124.146.254.</p><p>eth1 connects to ISP 2. The IP address of eth1 is 130.252.99.27 and the ISP's gateway router has IP address 130.252.99.254.</p><p>eth2 connects to a local network.</p><pre class="programlisting">#NAME   NUMBER  MARK    DUPLICATE       INTERFACE       GATEWAY         OPTIONS         COPY
ISP1    1       1       main            eth0            206.124.146.254 track,balance   eth2
ISP2    2       2       main            eth1            130.252.99.254  track,balance   eth2</pre></dd></dl></div></div><div class="refsect1" lang="en" xml:lang="en"><a id="id257838"></a><h2>FILES</h2><p>/etc/shorewall/providers</p></div><div class="refsect1" lang="en" xml:lang="en"><a id="id257848"></a><h2>See ALSO</h2><p><a class="ulink" href="http://shorewall.net/MultiISP.html" target="_self">http://shorewall.net/MultiISP.html</a></p><p>shorewall(8), shorewall-accounting(5), shorewall-actions(5), shorewall-blacklist(5), shorewall-hosts(5), shorewall-interfaces(5), shorewall-ipsec(5), shorewall-maclist(5), shorewall-masq(5), shorewall-nat(5), shorewall-netmap(5), shorewall-params(5), shorewall-policy(5), shorewall-proxyarp(5), shorewall-route_routes(5), shorewall-routestopped(5), shorewall-rules(5), shorewall.conf(5), shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5), shorewall-tos(5), shorewall-tunnels(5), shorewall-zones(5)</p></div></div></body></html>