Alistair Tonner wrote:
I'm wondering if there are rules I can use (consider that the webserver/mailserver and FTP server are sadly on the firewall at the moment) to force the servers to reply
via the DSL or internal lan only, even if the default route points at the
cable link? (this would be a quick and dirty solution for me) -- the cablelink will have to shortly support a VPN tunnel back to work.
i was using Iproute2 like u until a day i decided to "man iptables" ....
i've found in EXTENSIONS TARGET section:
.... ROUTE
This is used to explicitly override the core network stack's routing decision. mangle table.
--oif ifname
Route the packet through `ifname' network interface --iif ifname
Change the packet's incoming interface to `ifname' --gw IP_address
Route the packet via this gateway--continue
Behave like a non-terminating target and continue traversing the rules. Not valid in combination with `--iif'
....
this way u can use a normal matching syntax of iptables and change the routing decision about the "interesting traffic".
I hope it works since i had no time yet to try it out ... let us know :)
bye
Attachment:
signature.asc
Description: OpenPGP digital signature
