How about conn-marking the (NEW state) packets in POSTROUTING?

-----Original Message-----
From: lartc-bounces@xxxxxxxxxxxxxxx [mailto:lartc-bounces@xxxxxxxxxxxxxxx] On Behalf Of Mohan Sundaram
Sent: Friday, October 19, 2007 10:19 AM
To: LARTC
Subject: Re: exporting service on multiple wan

Fabio Marcone wrote:
> Hi all,
> I've a routing problem. I'm setting up a router based on debian (kernel
> 2.4).
>
> I need to set up routing to export an ftp service (ftp server is in dmz)
> to 2 wan (both).
>
> I set up prerouting and forward rules with no problem.
>
> The problem is that reply packets use the default gateway (default wan) even
> though they entered using the other wan.
>
> I solved it by marking packets in input from the dmz iface and forcing them to use
> another gateway (iproute2), but in this way I don't export ftp service
> on default wan.
>
> How can I set up routing to export ftp service on both ifaces?
>
> Thanks in advance,
> Fabio

One way to do this:

1. Assign 2 private domain IP addresses to the ftp server and listen to both for ftp. IP1 and IP2
2. Map one IP each for WAN address. WAN1>>IP1 and WAN2>>IP2
3. On the Linux machine, set policy routing based on src IP of reply packet, i.e. src IP1 goes thro' WAN1 and src IP2 goes thro' WAN2.

Mohan
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
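
The three steps in Mohan's reply, written out as router commands. This is an added example, not part of the thread: interface names, addresses and routing table numbers 101/102 are constructed placeholders, and step 1 (adding the second address) is done on the FTP server itself. The script only prints the commands so they can be reviewed before being applied.

```shell
#!/bin/sh
# Added example: prints (does not run) the router-side commands for steps 2 and 3.
# Every address, interface name and table number below is a constructed placeholder.
WAN1_IF=eth0; WAN1_GW=192.0.2.1      # constructed: uplink 1 and its gateway
WAN2_IF=eth1; WAN2_GW=198.51.100.1   # constructed: uplink 2 and its gateway
FTP_IP1=10.0.0.11                    # constructed: DMZ address reached via WAN1
FTP_IP2=10.0.0.12                    # constructed: DMZ address reached via WAN2

# One uplink: DNAT inbound FTP control traffic to the per-WAN server address
# (step 2), then send anything sourced from that address to a routing table
# whose default route is the same uplink (step 3).
emit_uplink() {  # args: wan_if wan_gw ftp_ip table_id
    echo "iptables -t nat -A PREROUTING -i $1 -p tcp --dport 21 -j DNAT --to-destination $3"
    echo "ip route add default via $2 dev $1 table $4"
    echo "ip rule add from $3 lookup $4"
}

emit_rules() {
    # Source-based rules cannot tell the uplinks apart if both map to one address.
    if [ "$FTP_IP1" = "$FTP_IP2" ]; then
        echo "FTP_IP1 and FTP_IP2 must differ" >&2
        return 1
    fi
    emit_uplink "$WAN1_IF" "$WAN1_GW" "$FTP_IP1" 101
    emit_uplink "$WAN2_IF" "$WAN2_GW" "$FTP_IP2" 102
    echo "ip route flush cache"
}

# Print for review; pipe the output to a root shell to apply it.
emit_rules
```

Replies leave the server with source IP1 or IP2 and the reverse NAT happens after the routing decision, which is why the `ip rule add from` match on the private address selects the right uplink.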