On Sat, 2004-12-11 at 08:06, Andreas Grabner wrote: > Hi > > On Fri, Dec 10, 2004 at 02:20:08PM -0500, Jason Opperisano wrote: > > the trick is to make sure that replies to requests that come in from > > ISP1 go back out ISP1. dchemko@ seems to be the "connmark master" > > when > > it comes to this stuff--have a look at: > > > > http://marc.theaimsgroup.com/?l=netfilter&m=108094979204392&w=2 > > At 23:12 i got it to work with this excelent answer. And it's work for > houres now. > > Thanks a lot to Daniel and Jason. > > One more thing would be interesting for me: > I have turned of rp_filter is this realy needed? I have not seen (with > wine-red Eyes) any packest comming in the "wrong" interface. you should be OK turning rp_filter back on. to be safe--also turn on "log_martians" so that you'll have some indication that rp_filter is dropping packets in your system log. -j -- "Beer. Now there's a temporary solution." --The Simpsons
