> I am hoping that somebody else on the LARTC list has tried this and lived
> through the pitfalls of using conntrack in this fashion--perhaps somebody
> can even point out if I'm leading you down the wrong path.

I've used such a setup recently; it worked fine and was 95% similar to what you listed. Found it googling around.

One pitfall is dual-connection protocols like PPTP and active FTP, where the inside server opens a connection back to the external client. I suppose that if a helper is available, RELATED will make things work; I solved this by using an IP alias on the LAN, so a connection inbound from one link would go to one IP and from the other link to the other IP, with both aliased on the same server. The simpler protocols used the fwmark so the firewall rules could be kept short.

Rubens

_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/
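The setup Rubens describes, as an added example that is not part of the original post or of the LARTC HOWTO: connmark-based return routing for two uplinks, plus the per-link LAN alias for protocols that open a second connection from the inside server. Interface names, addresses, marks and table numbers are constructed placeholders; the script prints the commands unless DRY_RUN=0.

```shell
#!/bin/sh
# Added example (not from the original post). Two uplinks: replies leave via
# the link the connection arrived on, and an inside server is published on a
# different LAN alias per uplink so connections it opens back (active FTP
# data, PPTP) are routed by their source address. All values are constructed.
DRY_RUN=${DRY_RUN:-1}          # 1 = print commands only, 0 = execute them

run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

# One routing table per uplink, selected by fwmark; new inbound connections
# are marked by ingress interface (only if no connmark was restored).
setup_link() {                 # setup_link <iface> <gateway> <mark> <table>
    run ip route add default via "$2" dev "$1" table "$4"
    run ip rule add fwmark "$3" table "$4" priority "$((100 + $3))"
    run iptables -t mangle -A PREROUTING -i "$1" -m mark --mark 0 \
        -j MARK --set-mark "$3"
}

# Publish the same inside server on a distinct LAN alias per uplink. The
# server's own outbound connections then carry that alias as source, and a
# from-address rule sends them out the matching link.
expose_alias() {               # expose_alias <uplink iface> <alias ip> <table> <dport>
    run iptables -t nat -A PREROUTING -i "$1" -p tcp --dport "$4" \
        -j DNAT --to-destination "$2"
    run ip rule add from "$2" table "$3" priority 50
}

main() {
    # Restore any saved connmark first so reply packets from the LAN side
    # inherit the mark of the connection they belong to.
    run iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
    setup_link eth1 192.0.2.1 1 101
    setup_link eth2 198.51.100.1 2 102
    # Persist the mark decided above onto the conntrack entry.
    run iptables -t mangle -A PREROUTING -j CONNMARK --save-mark
    # Server 10.0.0.11/10.0.0.12 are aliases on the same inside FTP host.
    expose_alias eth1 10.0.0.11 101 21
    expose_alias eth2 10.0.0.12 102 21
}
main
```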