I have a question that has been boggling my mind:
I have 2 servers (firewalls).
1 server is connected to the main ISP and another to another ISP (only certain traffic, 195.0.0.0/8).
Server 1 to main ISP:
  lan:     eth0 192.168.1.0/24
  outside: eth1 196.15.203.194/30 gw 196.15.203.193
  DMZ:     eth3 196.16.202.209/28 (mailservers etc.)
  private: eth4 10.0.10.2/24
Server 2 to second ISP (only certain IPs route through that) # network 195.0.0.0/8 must route through here
  outside: eth1 10.0.1.35/24
  private: eth0 10.0.10.1/24
I use `ip rule add fwmark` and `iptables -t mangle PREROUTING` to route packets marked for 195.0.0.0/8 through 10.0.10.1/32
I masquerade the packets leaving eth1 on server 2 to 195.0.0.0/8.
I want my DMZ section to be able to route to that network as well via 10.0.10.1
Obviously, when a packet from 195.0.0.0/8 sends me a mail, it comes in on server 1 (via the internet) and should go back out server 1 (with src routing enabled).
My question:
With src routing enabled, if I mark packets using `iptables -t mangle PREROUTING -i eth3 -s 196.16.202.209/28 -p all -j MARK --set-mark 888`, will packets coming from 195.0.0.0 then be routed through server 2? It won't work then because it's not src routed?
When I start a download or something from the mailserver in the DMZ zone, it goes out via server 2, but will packets which originate from 195.0.0.0/8 via the internet be routed out through server 1 again with my src routing enabled?
I tried to explain it quite clearly, hope it's understandable.
Hope you guys can help.
Thanks
-- Regards Jandre
"Some people are alive only because it is illegal to kill them."
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
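One way to make the marking in the question follow the connection rather than the ingress interface, as an added example that is not part of the original post: CONNMARK and conntrack state on server 1 mark only connections that start in the DMZ or LAN and head for 195.0.0.0/8, so those go to server 2, while replies to connections that entered on eth1 keep mark 0, stay in the main table and leave via eth1 again. Interface names, addresses and mark 888 come from the post; table number 195, the CONNMARK approach and the DRY_RUN helper are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post: symmetric policy routing on
# server 1 for the 195.0.0.0/8 detour via server 2 (10.0.10.1 on eth4).
# Interfaces, addresses and mark 888 are from the post; table number 195,
# the CONNMARK/conntrack approach and the DRY_RUN helper are assumptions.
DRY_RUN=${DRY_RUN:-1}   # 1 = only print the commands, 0 = apply them (needs root)
run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

# Table 195 is consulted only for packets carrying mark 888.  The 195.0.0.0/8
# route is kept out of the main table so that inbound packets from that
# prefix, which arrive on eth1, still pass a reverse-path check against main.
policy_routes() {
    run ip route add 195.0.0.0/8 via 10.0.10.1 dev eth4 table 195
    run ip rule add fwmark 888 table 195 pref 1000
}

mangle_rules() {
    # Replies and later packets of a flow inherit the mark saved on the
    # connection: a session that entered on eth1 stays at mark 0 and keeps
    # using the main table, so its replies leave via eth1 again.
    run iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
    # Only NEW connections that start in the DMZ (eth3) or LAN (eth0) and
    # head for 195.0.0.0/8 are marked; nothing arriving on eth1 is touched,
    # which is what an interface-only rule such as "-i eth3 -s <dmz>" misses.
    for ifc in eth3 eth0; do
        run iptables -t mangle -A PREROUTING -i "$ifc" -d 195.0.0.0/8 \
            -m conntrack --ctstate NEW -j MARK --set-mark 888
    done
    # Remember the decision for the rest of the connection.
    run iptables -t mangle -A PREROUTING -j CONNMARK --save-mark
}

policy_routes
mangle_rules
```

Reply packets of a marked connection also get mark 888 restored, but table 195 has no route for DMZ or LAN destinations, so the lookup falls through to the next rule and the main table delivers them normally.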