[Shorewall-newbies] Routing

Tom Eastep teastep at shorewall.net
Tue Jan 27 13:00:24 PST 2004

On Tuesday 27 January 2004 12:51 pm, David Burrow wrote:
> Hello All,
> 	I've been using shorewall for a while, but I think this is a pretty
> basic question so I figured I'd post it to the newbies list.
> 	I've seen mention on the users list recently that Shorewall 2.0 will
> no longer have routing capabilities.  I'm unclear as to what this
> means specifically.  Does this mean that I'll no longer to use
> shorewall to forward ports, do DNAT, etc.?  My understanding was that
> a computer that handles NAT and portforwarding is essentially a
> "router."  Will this functionality be eliminated with Shorewall 2.0,
> or does "routing" mean something else?

From a post that I sent to the user's list this morning:
> I have noticed as of late that Tom has mentioned that routing support
> will be taken out

Shorewall 1.4 alters the routing table when an entry in 
/etc/shorewall/proxyarp contains 'No' in the HAVEROUTE column. This has the 
unfortunate side effect that the route added at "shorewall start" time is 
removed at "shorewall stop". In most cases, it is desirable for the route to 
be present when Shorewall is stopped. In 2.0, the HAVEROUTE column will be 
eliminated and host routes for Proxy ARP will have to be added outside of 
In other words, Shorewall will no longer be in the business of *CHANGING* the 
routing table.

Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net

More information about the Shorewall-newbies mailing list