Pascal Hambourg wrote:
Hello,
Paulo Andre wrote:
I have a multiple ISP fw:
eth0 = int
eth1 = default isp
eth2 = sec isp
When I try and make a connection to an internal server via eth2,
the packet appears on the PREROUTING table, and then not on FORWARD.
Anyone have any ideas?
I guess there is a default route via eth1.
If so, first check that /proc/sys/net/ipv4/conf/eth2/rp_filter=0 else
the input routing, which takes place between PREROUTING and INPUT or
FORWARD, may drop incoming IP packets on eth2 whose source address is
not routed out via eth2 as a protection against IP spoofing.
Thanks Pascal, that fixed it.
Would I have to use CONNMARK and MARK to get connections leaving the
correct interface?
Paulo
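
The check discussed in this thread, as an added example that is not part of the original messages: a script that reports the reverse-path filter mode actually in effect on each interface. It assumes the kernel's documented rule that the higher of conf/all/rp_filter and conf/<interface>/rp_filter applies, so an interface set to 0 is still filtered while "all" is 1; the function names and the CONF_ROOT variable are made up for this example.

```shell
#!/bin/sh
# Added example: effective reverse-path filter mode per interface.
# Assumption: the kernel applies the higher of conf/all and conf/<iface>.
CONF_ROOT="${CONF_ROOT:-/proc/sys/net/ipv4/conf}"

# Print the content of one rp_filter file, or "?" if it cannot be read.
read_rp() { cat "$1" 2>/dev/null || echo "?"; }

# effective_rp_filter ROOT IFACE -> prints 0, 1, 2, or "?" if unknown
effective_rp_filter() {
    rp_all=$(read_rp "$1/all/rp_filter")
    rp_if=$(read_rp "$1/$2/rp_filter")
    for v in "$rp_all" "$rp_if"; do
        case "$v" in
            ''|*[!0-9]*) echo "?"; return 0 ;;
        esac
    done
    if [ "$rp_all" -gt "$rp_if" ]; then echo "$rp_all"; else echo "$rp_if"; fi
}

# Human-readable meaning of each mode.
rp_mode_name() {
    case "$1" in
        0) echo "off, no source validation" ;;
        1) echo "strict, source must route back out the receiving interface" ;;
        2) echo "loose, source must be reachable via some interface" ;;
        *) echo "unknown" ;;
    esac
}

# rp_filter_report ROOT -> one line per interface under ROOT
rp_filter_report() {
    for dir in "$1"/*; do
        [ -d "$dir" ] || continue
        name=${dir##*/}
        case "$name" in all|default) continue ;; esac
        mode=$(effective_rp_filter "$1" "$name")
        echo "$name: effective rp_filter=$mode ($(rp_mode_name "$mode"))"
    done
}

# Report on the live system when the sysctl tree is present.
if [ -d "$CONF_ROOT" ]; then
    rp_filter_report "$CONF_ROOT"
fi
```

On a firewall like the one described, an eth2 line showing mode 1 while the default route points out eth1 matches the symptom of packets seen in PREROUTING but never in FORWARD.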