Re: Fwd: Inbound and outbound traffic problem

Linux Advanced Routing and Traffic Control


Thanks Michael for your answer!
I finally did it in a way similar to what you described. Marking packets and using NAT. BUT everything started working great when I found a little detail:
 
echo "0" > /proc/sys/net/ipv4/conf/eth1/rp_filter
echo "0" > /proc/sys/net/ipv4/conf/eth2/rp_filter

Without this, things were confused.

Where does this come from? I found this trick in a HowTo from a Spanish site:

http://bulma.net/body.phtml?nIdNoticia=1615

Nowhere else!
So, is what I did a common mistake? Is this assumed by default in every configuration, and because of this there are no comments about it in any other tutorial or howto?

Anyway, once again Mike, thank you!!

Best regards

J.D.Bistevins


On 12/20/05, Michael Davidson <michael@xxxxxxxxx> wrote:
Hi,
    There is another way to do this, but I doubt that it is any more
elegant than what you have right now. I have just completed this same
task and I can say that if I could have used your method - overlaying
another subnet - I would have done so since it's a cleaner solution in my
view.

I used iptables to "mark" the packets of the flows that were generated
by the server (WWW).
I created a second routing table with its own default route.
I created an "ip rule" which looks for a "mark" on the packets and
directs those packets to the new routing table.

Keep in mind, for this to work correctly you need to be using NAT or
Masquerade on at least one of your ISP ports.

Regards Mike



_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
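
Added example (not part of the original messages): a shell check that reports the effective reverse-path-filter mode per interface, since writing 0 to rp_filter turns off the kernel's source-address validation on eth1 and eth2. It assumes the rule from the current kernel ip-sysctl documentation that the effective value is the larger of conf/all and conf/<iface> (0 off, 1 strict, 2 loose); the function names and the optional root-directory argument are hypothetical, there so the check can run against a constructed tree.

```sh
#!/bin/sh
# Report the effective rp_filter mode for each interface.
# Assumption: effective mode = max(conf/all/rp_filter, conf/<iface>/rp_filter),
# as described in the current kernel ip-sysctl documentation.

# rp_mode_name VALUE -> human-readable name of an rp_filter value
rp_mode_name() {
    case "$1" in
        0) echo "off" ;;      # no source validation
        1) echo "strict" ;;   # reply must leave via the receiving interface
        2) echo "loose" ;;    # source must be reachable via any interface
        *) echo "unknown" ;;
    esac
}

# effective_rp_filter IFACE [CONF_ROOT] -> prints 0, 1 or 2
# Returns 1 if either sysctl file cannot be read.
effective_rp_filter() {
    iface=$1
    root=${2:-/proc/sys/net/ipv4/conf}
    [ -r "$root/all/rp_filter" ] && [ -r "$root/$iface/rp_filter" ] || return 1
    all=$(cat "$root/all/rp_filter")
    own=$(cat "$root/$iface/rp_filter")
    if [ "$all" -gt "$own" ]; then echo "$all"; else echo "$own"; fi
}

# audit_rp_filter [CONF_ROOT] -> one "<iface> <value> <mode>" line per interface
audit_rp_filter() {
    root=${1:-/proc/sys/net/ipv4/conf}
    for dir in "$root"/*/; do
        iface=$(basename "$dir")
        # "all" and "default" are templates, not real interfaces
        case "$iface" in all|default) continue ;; esac
        mode=$(effective_rp_filter "$iface" "$root") || continue
        echo "$iface $mode $(rp_mode_name "$mode")"
    done
}

# Run the audit against the live system only when asked to.
if [ "${1:-}" = "--run" ]; then
    audit_rp_filter
fi
```

An interface reported as "off" accepts packets regardless of source address; the kernel documentation recommends loose mode (2) for asymmetric or multi-uplink routing.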
