On Fri, 2004-12-10 at 14:03, Andreas Grabner wrote:
> Hi,
> I have been trying to get the following to work for days now and really need some hints.
> My situation:
> I have 2 independent links to the internet. I would like to get
> connections from the internet to an internal host to work, regardless of
> which of my external IPs.
> I tried it by marking packets coming in on EXTIF1 and set up a separate routing
> table for marked packets. But it seems the routing does not work because
> the packets disappear between PREROUTING and FORWARD.
> Please help!
>
> Some config lines:
> # ip rule ls
> 0: from all lookup local
> 32765: from all fwmark 1 lookup post.out
> 32766: from all lookup main
> 32767: from all lookup default
>
> # ip ro sh tab post.out
> 192.168.100.0/24 dev eth0 scope link src 192.168.100.3
> default via EXTIP2 dev eth2
>
> # iptables -L -nv -t mangle
> 1624 113K MARK all -- eth2 * 0.0.0.0/0 0.0.0.0/0 MARK set 0x1
> Thanks for any tips, documentation links ...
>
> Andreas Grabner

The trick is to make sure that replies to requests that come in from ISP1 go back out ISP1. dchemko@ seems to be the "connmark master" when it comes to this stuff--have a look at:

http://marc.theaimsgroup.com/?l=netfilter&m=108094979204392&w=2

for a very thorough example.

-j

--
"My cat's breath smells like cat food."
	--The Simpsons
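
The reply's point (replies must leave through the uplink the request arrived on), as an added sketch that is not part of the thread or of the linked post. It reuses eth0, eth2, post.out, fwmark 1 and the EXTIP2 placeholder from the quoted config; the function names are hypothetical and the script only prints commands.

```shell
#!/bin/sh
# Added example (not from the thread). Generates, but does not run, the
# CONNMARK + policy-routing commands for one uplink.
# From the post: eth0 (LAN side), eth2 (uplink), table post.out, fwmark 1,
# EXTIP2 (the poster's gateway placeholder). Function names are hypothetical.

# Accept only characters found in interface/table names and IPv4 addresses,
# so a bad argument cannot smuggle extra shell syntax into the output.
valid_name() {
    case $1 in ''|-*|*[!A-Za-z0-9._-]*) return 1 ;; esac
}

# usage: connmark_rules EXTIF LANIF MARK TABLE GATEWAY
connmark_rules() {
    extif=$1; lanif=$2; mark=$3; table=$4; gw=$5
    for arg in "$extif" "$lanif" "$table" "$gw"; do
        valid_name "$arg" || { echo "bad argument: '$arg'" >&2; return 1; }
    done
    # Mark 0 means "unmarked", so it cannot select a routing table.
    case $mark in ''|0|*[!0-9]*) echo "bad mark: '$mark'" >&2; return 1 ;; esac
    cat <<EOF
# 1. Tag each new connection arriving on the uplink (stored in conntrack).
iptables -t mangle -A PREROUTING -i $extif -m conntrack --ctstate NEW -j CONNMARK --set-mark $mark
# 2. Copy that tag onto reply packets coming back from the internal host.
iptables -t mangle -A PREROUTING -i $lanif -m connmark --mark $mark -j CONNMARK --restore-mark
# 3. Marked packets use the per-uplink table (the post already has this rule).
ip rule add fwmark $mark lookup $table
ip route replace default via $gw dev $extif table $table
EOF
}

# Dry run with the names from the post; review the output before applying it.
connmark_rules eth2 eth0 1 post.out EXTIP2
```

Reply packets from the internal host enter on eth0, which is why the restore rule matches on the LAN interface; traffic generated on the router itself would need the same restore in the mangle OUTPUT chain.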