On 09/26/2012 10:16 PM, Gordon Messmer wrote:
> On 09/26/2012 09:15 AM, Steve Clark wrote:
>> Is there a way to make this work correctly?
> Shorewall will generate a proper configuration if you specify the
> "track" option in the "providers" file. It might be a good idea to use
> that to generate your configs rather than building them by hand.
>
> I believe that you need to mark your connections and use the marks to
> select the routing table, in addition to using the "from" rules that you
> posted. Otherwise, nothing binds the connection to a fixed
> route/interface in a load balanced configuration.

I was trying to figure out what criteria to use to mark the connection. FTP is such a braindead application, using two channels and active and passive mode.

What really needs to happen is some way to tell the kernel to recheck the routing after SNAT.

--
Stephen Clark
*NetWolves*
Director of Technology
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.clark@xxxxxxxxxxxxx
http://www.netwolves.com