Hello,

On Wednesday, 2008 September 3 at 15:52:37 -0700, jon hale wrote:
> Hi,
> Well I tried adding the CONNMARK line that you suggest.
> I then try a simple ftp from here to there of a 2 byte file.
>
> I run tcpdumps on both the ppp0 and eth0 interfaces catching all of
> the packets that are going out to "there".
>
> What I see is that when my machine (here) is responding to the Fin
> packet sent by the server that this goes out eth0. When I thought that
> I had configured it otherwise.
> All other packets until that point seem happy to go out ppp0.
>
> Any ideas on why this packet would go out the "wrong" interface?
> Suggestions on how I may continue to debug this?

You may try to log every packet marked 0x1 in the INPUT and OUTPUT filter chains to see if the mark is correctly propagated through the connection. By doing this, you will be able to check if your conditional routing can occur correctly.

Just to be sure: Is nf_conntrack_ftp loaded? It is necessary to have RELATED connections detected.

BR,
--
Eric Leblond
INL: http://www.inl.fr/
NuFW: http://www.nufw.org/
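
Added example, not part of the original message: one way to carry out the logging and module check suggested above, plus a small summary of the resulting kernel log lines per chain and interface. Mark 0x1 and the ppp0/eth0 interface names come from the thread; the log prefixes, function names and sample log lines are assumptions made for the example.

```shell
#!/bin/sh
# Mark 0x1 and ppp0/eth0 come from the thread; the log prefixes, function
# names and sample log lines are assumptions made for this example.

# Log marked packets at the top of both filter chains (needs root; not run here).
install_mark_logging() {
    iptables -I INPUT  1 -m mark --mark 0x1 -j LOG --log-prefix "mark1-in: "
    iptables -I OUTPUT 1 -m mark --mark 0x1 -j LOG --log-prefix "mark1-out: "
}

# True if the FTP helper is listed as a loaded module (a helper built into
# the kernel does not appear in /proc/modules).
ftp_helper_loaded() {
    grep -q '^nf_conntrack_ftp ' "${1:-/proc/modules}"
}

# Read kernel log lines on stdin and print "<chain> <interface> <count>",
# so a marked packet leaving through eth0 stands out.
summarize_marked() {
    awk '
    /mark1-(in|out): / {
        chain = ($0 ~ /mark1-out: /) ? "OUTPUT" : "INPUT"
        key = (chain == "OUTPUT") ? "OUT=" : "IN="
        iface = "?"
        for (i = 1; i <= NF; i++)
            if (index($i, key) == 1) iface = substr($i, length(key) + 1)
        count[chain " " iface]++
    }
    END { for (k in count) print k, count[k] }' | sort
}

# Constructed, abbreviated LOG-target lines (documentation addresses).
sample_log() {
    cat <<'EOF'
kernel: mark1-out: IN= OUT=ppp0 SRC=192.0.2.10 DST=198.51.100.20 PROTO=TCP SPT=40000 DPT=21 SYN MARK=0x1
kernel: mark1-in: IN=ppp0 OUT= SRC=198.51.100.20 DST=192.0.2.10 PROTO=TCP SPT=21 DPT=40000 ACK SYN MARK=0x1
kernel: mark1-out: IN= OUT=ppp0 SRC=192.0.2.10 DST=198.51.100.20 PROTO=TCP SPT=40000 DPT=21 ACK MARK=0x1
kernel: mark1-in: IN=ppp0 OUT= SRC=198.51.100.20 DST=192.0.2.10 PROTO=TCP SPT=21 DPT=40000 ACK FIN MARK=0x1
kernel: mark1-out: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.20 PROTO=TCP SPT=40000 DPT=21 ACK FIN MARK=0x1
EOF
}

sample_log | summarize_marked
```

A packet that tcpdump shows but these logs do not was never marked 0x1, which points at mark propagation rather than at the routing rule.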