Strange setup

I've got sort of a strange setup that I'm looking to accomplish some
strange async routing. I know how I want to accomplish it and am pretty
sure that I can do it with netfilter but just can't seem to find the
proper way.

Here's the rundown on the network setup:

[ LAN ] --
[ DMZ ] -- [ Firewall/Router ] -- [ WAN ]
                    |
                    |
                 [ WLAN ]


The WLAN is between myself and a couple of other people in my building to
provide redundant paths out of each of our networks and is working
beautifully. We all advertise (via BGP) blocks close to us to each other to
provide the shortest path as well.

Coming from the WAN I have a /29 routed to the DMZ which services a
number of machines that provide different services.

The firewall/router is a linux box that is running iptables.


Now the problem:
Because of the advertisements coming over the WLAN I now have about 40
routes in the kernel routing table. Most of them are not very specific
since we advertise our ISP's blocks to each other, so I have routes for
/16's, /21's, etc... What happens is when someone that resides in one of
these blocks that I'm getting advertisements for tries to access an
address in my /29 their return path follows the advertisement over the
WLAN.

Using the iproute2 package I've created a second routing table with a
single default route out my WAN default route. I'm hoping that there's a
way to tag the connection in the conntrack table and then -j MARK it when
a related,established packet comes back so that I use the iproute2 package
to specify that the second routing table will be used.

Anyone know of a way that I can accomplish this?

Thanks in advance,
Evan

-- 
Evan Borgstrom <evan@unixpimps.org>
http://www.unixpimps.org - SIG:ILL
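One way to build what the post asks for, as an added example that is not part of the original message: the CONNMARK target tags a connection when its first packet arrives from the WAN toward the /29, restores that mark onto the reply packets coming back from the DMZ, and an `ip rule` keyed on the mark sends those replies to the second routing table. Replies for connections that arrived over the WLAN stay unmarked and keep following the BGP-learned routes. The interface names, the WAN next hop, the DMZ prefix (both RFC 5737 documentation addresses), the table number and the mark value are assumptions for the example; the script prints the ruleset by default and only runs it when invoked with `apply`.

```shell
#!/bin/sh
# Added example, not from the original post: mark inbound WAN->DMZ connections
# in conntrack and route their replies through a second table that holds only
# the WAN default route, so the return path matches the inbound path.
#
# Assumed names (placeholders, change for your setup):
#   WAN_IF  - interface toward the WAN
#   DMZ_IF  - interface toward the DMZ
#   WAN_GW  - next hop on the WAN (RFC 5737 documentation address)
#   DMZ_NET - the /29 routed to the DMZ (RFC 5737 documentation prefix)
WAN_IF="${WAN_IF:-eth0}"
DMZ_IF="${DMZ_IF:-eth1}"
WAN_GW="${WAN_GW:-203.0.113.1}"
DMZ_NET="${DMZ_NET:-198.51.100.0/29}"
TABLE=100      # the second routing table created with iproute2
MARK=0x1       # connection mark that selects that table

# Emit the commands as text so the ruleset can be reviewed without root;
# "apply" pipes the same text into a shell.
build_rules() {
    cat <<EOF
ip route replace default via $WAN_GW dev $WAN_IF table $TABLE
ip rule add fwmark $MARK lookup $TABLE priority 100
iptables -t mangle -A PREROUTING -i $WAN_IF -d $DMZ_NET -m conntrack --ctstate NEW -j CONNMARK --set-mark $MARK
iptables -t mangle -A PREROUTING -i $DMZ_IF -m conntrack --ctstate ESTABLISHED,RELATED -j CONNMARK --restore-mark
EOF
}

# Number of commands in the ruleset, for a quick sanity check.
rule_count() {
    build_rules | wc -l | tr -d ' '
}

case "${1:-show}" in
    show)  build_rules ;;
    apply) build_rules | sh -e ;;
    *)     echo "usage: $0 [show|apply]" >&2; exit 2 ;;
esac
```

The `ip rule` is given priority 100 so it is consulted before the main table (priority 32766); because table 100 contains only the default route, every marked reply leaves via the WAN regardless of the more specific WLAN routes. The restore rule sits in mangle PREROUTING on the DMZ interface, which is where the reply packets enter the router, ahead of the routing decision that the mark has to influence. If the router itself answers for an address in the /29, the same `--restore-mark` rule is also needed in the mangle OUTPUT chain.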
