shorewall-doc-4.0.15-0.2mdvmes5.noarch.rpm

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>shorewall-route_rules</title><link rel="stylesheet" href="html.css" type="text/css" /><meta name="generator" content="DocBook XSL Stylesheets V1.73.2" /></head><body><div class="refentry" lang="en" xml:lang="en"><a id="id257171"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>route_rules — Shorewall Routing Rules file</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">/etc/shorewall/route_rules</code> </p></div></div><div class="refsect1" lang="en" xml:lang="en"><a id="id257202"></a><h2>Description</h2><p>Entries in this file cause traffic to be routed to one of the
    providers listed in <a class="ulink" href="shorewall-providers.html" target="_self">shorewall-providers</a>(5).</p><p>The columns in the file are as follows.</p><div class="variablelist"><dl><dt><span class="term"><span class="bold"><strong>SOURCE</strong></span> (Optional) - {<span class="bold"><strong>-</strong></span>|<span class="emphasis"><em>interface</em></span>|<span class="emphasis"><em>address</em></span>|<span class="emphasis"><em>interface</em></span><em class="firstterm">:</em><span class="emphasis"><em>address</em></span>}</span></dt><dd><p>An IP <span class="emphasis"><em>address</em></span> (network or host) that
          matches the source IP address in a packet. May also be specified as
          an <span class="emphasis"><em>interface</em></span> name optionally followed by ":"
          and an address. If the device <span class="bold"><strong>lo</strong></span> is
          specified, the packet must originate from the firewall
          itself.</p></dd><dt><span class="term"><span class="bold"><strong>DEST</strong></span> (Optional) - {<span class="bold"><strong>-</strong></span>|<span class="emphasis"><em>address</em></span>}</span></dt><dd><p>An IP address (network or host) that matches the destination
          IP address in a packet.</p><p>If you choose to omit either <span class="bold"><strong>SOURCE</strong></span> or <span class="bold"><strong>DEST</strong></span>, place "-" in that column. Note that you
          may not omit both <span class="bold"><strong>SOURCE</strong></span> and
          <span class="bold"><strong>DEST</strong></span>.</p></dd><dt><span class="term"><span class="bold"><strong>PROVIDER</strong></span> -
        {<span class="emphasis"><em>provider-name</em></span>|<span class="emphasis"><em>provider-number</em></span>|<span class="bold"><strong>main</strong></span>}</span></dt><dd><p>The provider to route the traffic through. May be expressed
          either as the provider name or the provider number. May also be
          <span class="bold"><strong>main</strong></span> or 254 for the main routing
          table. This can be used in combination with VPN tunnels, see example
          2 below.</p></dd><dt><span class="term"><span class="bold"><strong>PRIORITY</strong></span> -
        <span class="emphasis"><em>priority</em></span></span></dt><dd><p>The rule's numeric <span class="emphasis"><em>priority</em></span> which
          determines the order in which the rules are processed. Rules with
          equal priority are applied in the order in which they appear in the
          file.</p><div class="variablelist"><dl><dt><span class="term">1000-1999</span></dt><dd><p>Before Shorewall-generated 'MARK' rules</p></dd><dt><span class="term">11000-11999</span></dt><dd><p>After 'MARK' rules but before Shorewall-generated rules
                for ISP interfaces.</p></dd><dt><span class="term">26000-26999</span></dt><dd><p>After ISP interface rules but before 'default'
                rule.</p></dd></dl></div></dd></dl></div></div><div class="refsect1" lang="en" xml:lang="en"><a id="id257612"></a><h2>Examples</h2><div class="variablelist"><dl><dt><span class="term">Example 1:</span></dt><dd><p>You want all traffic coming in on eth1 to be routed to the
          ISP1 provider.</p><pre class="programlisting">        #SOURCE                 DEST            PROVIDER        PRIORITY
        eth1                    -               ISP1            1000
</pre></dd><dt><span class="term">Example 2:</span></dt><dd><p>You use OpenVPN (routed setup /tunX) in combination with
          multiple providers. In this case you have to set up a rule to ensure
          that the OpenVPN traffic is routed back through the tunX
          interface(s) rather than through any of the providers. 10.8.0.0/24
          is the subnet chosen in your OpenVPN configuration (server 10.8.0.0
          255.255.255.0).</p><pre class="programlisting">         #SOURCE                 DEST            PROVIDER        PRIORITY
         -                       10.8.0.0/24     main            1000
</pre></dd></dl></div></div><div class="refsect1" lang="en" xml:lang="en"><a id="id257660"></a><h2>Files</h2><p>/etc/shorewall/route_rules</p></div><div class="refsect1" lang="en" xml:lang="en"><a id="id257670"></a><h2>See Also</h2><p><a class="ulink" href="http://shorewall.net/MultiISP.html" target="_self">http://shorewall.net/MultiISP.html</a></p><p>shorewall(8), shorewall-accounting(5), shorewall-actions(5),
    shorewall-blacklist(5), shorewall-hosts(5), shorewall-interfaces(5),
    shorewall-ipsec(5), shorewall-maclist(5), shorewall-masq(5),
    shorewall-nat(5), shorewall-netmap(5), shorewall-params(5),
    shorewall-policy(5), shorewall-providers(5), shorewall-proxyarp(5),
    shorewall-routestopped(5), shorewall-rules(5), shorewall.conf(5),
    shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5),
    shorewall-tos(5), shorewall-tunnels(5), shorewall-zones(5)</p></div></div></body></html>
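
A pre-deployment lint for the file format described above, as an added example that is not part of the Shorewall documentation or code base. It enforces the column rules stated on this page (SOURCE and DEST may not both be "-", PRIORITY is numeric, 254 means the main table) and returns the surviving rules in processing order with their priority band, so a VPN rule like Example 2 can be confirmed to sort ahead of the provider rules. Assumptions: the sample input is constructed, ISP1/ISP2 and eth2 are hypothetical names, addresses are IPv4, and a SOURCE is treated as carrying an address when it contains ":" or starts with a digit.

```python
import ipaddress

# Priority bands from the PRIORITY column description on this page.
BANDS = [(1000, 1999, "before MARK rules"),
         (11000, 11999, "after MARK rules, before ISP interface rules"),
         (26000, 26999, "after ISP interface rules, before default rule")]
# Constructed sample input; ISP1/ISP2 and eth2 are hypothetical names.
SAMPLE = """\
#SOURCE            DEST          PROVIDER  PRIORITY
eth1               -             ISP1      11000
-                  10.8.0.0/24   254       1000
-                  -             ISP2      1000
eth2:10.1.0.0/16   -             ISP2      1000
lo                 10.9.0.300    ISP1      soon
"""

def band(priority):
    return next((label for lo, hi, label in BANDS if lo <= priority <= hi),
                "outside documented bands")

def bad_addr(text):
    try:
        ipaddress.IPv4Network(text, strict=False)
        return False
    except ValueError:
        return True

def lint(text):
    """Return (rules in processing order, error strings) for route_rules text."""
    rules, errors = [], []
    for n, raw in enumerate(text.splitlines(), 1):
        cols = raw.split("#", 1)[0].split()
        if len(cols) != 4:
            if cols:  # blank and comment-only lines are skipped silently
                errors.append(f"line {n}: expected 4 columns, got {len(cols)}")
            continue
        src, dst, provider, prio = cols
        # Assumption: a SOURCE with ':' or a leading digit carries an address.
        src_addr = src.rsplit(":", 1)[-1] if ":" in src or src[0].isdigit() else None
        checks = [(src == dst == "-", "SOURCE and DEST may not both be omitted"),
                  (src_addr is not None and bad_addr(src_addr), f"bad SOURCE address in {src!r}"),
                  (dst != "-" and bad_addr(dst), f"bad DEST address {dst!r}"),
                  (not prio.isdigit(), f"PRIORITY {prio!r} is not numeric")]
        errs = [f"line {n}: {msg}" for failed, msg in checks if failed]
        errors += errs
        if not errs:
            table = "main" if provider == "254" else provider  # 254 is the main table
            rules.append((int(prio), n, src, dst, table, band(int(prio))))
    return sorted(rules), errors  # (priority, line) sort keeps file order on ties
```

Calling `lint(SAMPLE)` returns the 10.8.0.0/24 rule first (priority 1000, table main), ahead of both provider rules, and reports lines 4 and 6 as errors.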