Bas Verhoeven a écrit :
Which option did you choose ?
[...]
On the webserver we now mark all outgoing web packets:
[...]
And we use iproute2 to forward them back to the outbound server:
[...]
Ok. You seem to know how to use advanced routing, I am a bit surprised
you said you "weren't aware of that option".
Couldn't test with CONNMARK, as the box doesn't ship with that, but MARK
works great for now.
The 'CONNMARK' target and the 'connmark' match were included in the
kernel 2.6.10. Earlier kernel versions had to be patched with the
patch-o-matic-ng.
I did test your last option too, but that just didn't work and sounded
very hacky-ish, not something we could rely on, even if it worked.
Huh, what last option ? I don't know what you're talking about. ;-)
