[Please send your reply on the list so everyone can see it]
Paulo Andre a écrit :
Apparently I need this to get multiple isp links working correctly on
a FW. Packets entering interface eth2/eth3 all still leaving eth1,
default GW.
Can you elaborate ?
The incoming packets are not leaving out of the correct interfaces,
someone else has suggested that I need to use iptables as below:
iptables -t mangle -N alreadyestablished
iptables -t mangle -A alreadyestablished -j CONNMARK --restore-mark
iptables -t mangle -A PREROUTING -m connmark ! --mark 0 -j
alreadyestablished
iptables -t mangle -A PREROUTING -m ctstate --conntrack NEW -i eth1 -j
CONNMARK --set-mark 11
iptables -t mangle -A PREROUTING -m ctstate --conntrack NEW -i eth2 -j
CONNMARK --set-mark 12
and then iproute2 to route based on the 'mark'.
Would this be the correct solution?
The principle is correct.
I am trying to get ctstate working so that I can test this
The syntax is wrong. The correct syntax is "-m conntrack --ctstate NEW".
Besides, this just does the same as "-m state --state NEW".
-
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
