Re: Multiple Internet Providers

I have a similar problem. Did you get it working?

I used --set-mark in PREROUTING and set up a routing table for the Arcor
connection, then used SNAT for packets from the internal net going through the
Arcor, so I got replies OK, but I couldn't make incoming connections through QSC
get replied to QSC connections, since --set-mark in PREROUTING also mangles those
replies and so the routing tries to send them through Arcor. I couldn't use
ESTABLISHED,RELATED since both situations meet these conditions.
I couldn't try it now, but I think that the connmark module could solve the
problem, since it seems to be able to restore a mark based on connection
tracking, so I guess I could mark connections from QSC and then restore this
mark on replies to those connections and use this mark to route them back to QSC.

If someone could test this or knows how to connect to 2 ISPs, please let me/us
know how to set it up.

Alex

Quoting Kim Jensen <kimj@xxxxxxx>:

> Hi all,
>
> After having gnawed myself through tons of docs, having discussed this
> problem on the Linux Advanced Router & Traffic Control mailing list, I am
> simply beginning to be desperate.
>
> My problem is as follows; I have 2 internet providers, QSC & Arcor. QSC is
> a fast connection where we have 32 static IP addresses which should be
> mapped to our 32 internal machines. Arcor is a cheap flatrate, where we
> wish to see all our traffic running. I have set up a routing so using
> --set-mark, I can tell the routing system which route to pick by using an
> fwmark rule.
>
> The way we wish to have the system working is rather simple, all traffic
> should go via the Arcor, only mail should go via the QSC. All incoming
> traffic for the QSC should of course be answered.
>
> To match the setup, I'm trying two things; First to make external
> connections, and second, to make internal connections.
>
> When making an external connection, the packets pass through the
> firewall, enter my internal server, and are being replied to correctly, but
> then when it hits the firewall it gets lost!
>
> When making an internal connection, the packet hits the external server,
> an ack comes back and I receive this, but when sending anything after the
> first ack (initial reply), it gets lost as above!
>
> My problem seems to be lying in the connection tracking, which simply
> doesn't work properly. I have a rule for all packets arriving on the QSC
> interface that they should have their destination rewritten to the
> internal net, this works fine, but apparently I'm making a mistake
> somewhere.
>
> Instead of showing my embarrassing attempts of setting up a set of
> sensible iptables rules, can anyone please give me a hint to what I have to
> do?
>
> /Kim
> 
> 
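
The CONNMARK idea from the reply above (mark connections that arrive from QSC, restore the mark on their replies, route on it), as an added example that is not part of either message and was not tested by the posters. Interface names, the gateway address, the mark value and the table number are assumptions; the script only prints the commands.

```shell
#!/bin/sh
# Added example: prints (does not execute) a CONNMARK-based rule set for two uplinks.
# Every value below is an assumption, not taken from the thread.
QSC_IF=eth1         # assumed name of the QSC-facing interface
LAN_IF=eth0         # assumed name of the internal interface
QSC_GW=192.0.2.1    # placeholder gateway (documentation address range)
QSC_MARK=2          # arbitrary non-zero mark
QSC_TABLE=200       # arbitrary routing table number

dual_isp_rules() {
    cat <<EOF
# The main table keeps its default route via Arcor; table $QSC_TABLE leaves via QSC.
ip route add default via $QSC_GW dev $QSC_IF table $QSC_TABLE
ip rule add fwmark $QSC_MARK table $QSC_TABLE
# Loose reverse-path check on the QSC side: with strict rp_filter, packets
# arriving there are dropped because the main table routes back via Arcor.
sysctl -w net.ipv4.conf.$QSC_IF.rp_filter=2
# 1. Tag the conntrack entry of every connection that starts on the QSC interface.
iptables -t mangle -A PREROUTING -i $QSC_IF -m conntrack --ctstate NEW -j CONNMARK --set-mark $QSC_MARK
# 2. Outgoing mail from the LAN gets the same connection mark.
iptables -t mangle -A PREROUTING -i $LAN_IF -p tcp --dport 25 -m conntrack --ctstate NEW -j CONNMARK --set-mark $QSC_MARK
# 3. Copy the connection mark onto each packet coming from the LAN, so replies
#    to QSC connections (and the mail flows) match the fwmark rule above.
#    Unmarked connections keep mark 0 and follow the main table via Arcor.
iptables -t mangle -A PREROUTING -i $LAN_IF -j CONNMARK --restore-mark
EOF
}

dual_isp_rules
```

The NAT rules (DNAT for the static QSC addresses, SNAT per uplink) stay as the posters describe them. The restore rule has to come after both set-mark rules, otherwise the first packet of a mail connection is routed before it carries the mark.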