Re: [LARTC] Advanced Routing Problem

Linux Advanced Routing and Traffic Control


 



Daniel Jay wrote:
> 
> I'm sorry if this is to the wrong emailing list, if it is, please direct
> me where to post this question.
> 
> I'm going to start this email with saying I _think_ I've read everything I
> can get my hands on about this subject, I've tried every example I can find,
> with no luck.  The second issue is that I can not upgrade to
> netfilter/iptables because one of the applications I need requires "loose
> udp routing".  Either the examples in the mailing list do not apply or I
> must be doing something wrong.
> 
> Here is my problem, everything "works" but _all_ traffic goes out the
> 207.152.31.185 internet connection.  Here is what I need to happen, when
> somebody connects to 216.254.12.42 port 80 that all traffic for that
> "session" be answered back as 216.254.12.42 plus go out that internet
> connection.
> 

You will also notice if you're using MASQ, that the responses will come back
from 207.152.31.185 with connections, but not via tcp or udp.

You can choose to have entire computers using the sdsl to access the internet. 
Make another routing table (you need policy routing) and use `ip rule` to have
the packets from those comps go to a different table with its default route set
to come from 216.254.12.42.

If that isn't granular enough, you can route based on IP mark, and have some
rules on your incoming chain (in 2.2) change the mark, and use `ip rule` to use
a different table.

Another thing you can do, is have a port forward daemon do all this for you. 
Though, you won't get the masqing and your servers will think all connections
are from the gateway.  This can be a temporary measure.

> JayC Daniel
> Senior Security Engineer
> Security Integration

Hmm, nice title.  What'd you have to do to get to that position?

Mike
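
Added example, not part of Mike's reply or the original post: the `ip rule` options described above (by source address and by packet mark) as a shell script that prints the commands unless APPLY=1 is set. Only 216.254.12.42 comes from the thread; the interface eth2, the gateway 192.0.2.1 (a placeholder), table 200, mark 1 and the internal host 192.168.1.10 are assumptions.

```shell
#!/bin/sh
# Policy routing for a second uplink (added example).
# From the thread: SDSL address 216.254.12.42. Everything else is assumed.
SDSL_ADDR="216.254.12.42"
SDSL_DEV="${SDSL_DEV:-eth2}"      # assumed interface name
SDSL_GW="${SDSL_GW:-192.0.2.1}"   # placeholder gateway, replace with the real one
TABLE="${TABLE:-200}"             # assumed routing table number
MARK="${MARK:-1}"                 # assumed mark set by the firewall (not shown)

# Print the command by default; execute it only with APPLY=1 (needs root).
run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

# Accept a dotted-quad IPv4 address, optionally with /prefix.
# The prefix length itself is not checked here.
is_ipv4() {
    addr=${1%/*}
    case "$addr" in *[!0-9.]*|*..*|.*|*.|"") return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Arguments: internal hosts or networks that should use the SDSL uplink.
plan_second_uplink() {
    # Separate table whose default route leaves via the SDSL link.
    run ip route add default via "$SDSL_GW" dev "$SDSL_DEV" src "$SDSL_ADDR" table "$TABLE"
    # Packets the gateway itself sends from the SDSL address use that table,
    # so replies to connections made to 216.254.12.42 go back out the same link.
    run ip rule add from "$SDSL_ADDR" table "$TABLE"
    # Whole computers routed via the SDSL link, selected by source address.
    for host in "$@"; do
        is_ipv4 "$host" || { echo "skipping invalid source: $host" >&2; continue; }
        run ip rule add from "$host" table "$TABLE"
    done
    # Finer control: anything the firewall marked with $MARK uses the table.
    run ip rule add fwmark "$MARK" table "$TABLE"
    run ip route flush cache
}

# Constructed sample host; prints the plan when the script is run.
plan_second_uplink 192.168.1.10
```

Review the printed commands first, then rerun with APPLY=1 as root; `ip rule show` and `ip route show table 200` list the result.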


