Sorry, I forgot for a moment it was DMZ. In mangle PREROUTING -j CONNMARK restore-mark -m mark --mark 0x0 -i WAN1 -j CONNMARK --set-mark 0x1 -m mark --mark 0x0 -i WAN2 -j CONNMARK --set-mark 0x2 Two routing tables, one for each mark. -----Original Message----- From: lartc-bounces@xxxxxxxxxxxxxxx [mailto:lartc-bounces@xxxxxxxxxxxxxxx] On Behalf Of Mohan Sundaram Sent: Friday, October 19, 2007 12:09 PM To: 'LARTC' Subject: Re: exporting service on multiple wan Salim S I wrote: > How about conn-marking the (NEW state)packets in POSTROUTING? > Would probably need to use conntrack ESTABLISHED,DNAT and ROUTE directive for packets coming from LAN to make sure packet goes out from the same interface it came on. Mohan _______________________________________________ LARTC mailing list LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc _______________________________________________ LARTC mailing list LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
