Re: dual wan routing, looking from the outside...

Hi Again,

well I'm doing some more investigation...

I add the iptables rule
iptables -t mangle -A PREROUTING -i eth20 -j MARK --set-mark 2

which is meant to mark connections coming in on eth20 (192.168.20.253) with the number 2.

yet looking at the connections after making a connection to the box...

cat /proc/net/ip_conntrack
....
tcp 6 431997 ESTABLISHED src=60.242.51.252 dst=192.168.20.253 sport=2158 dport=25 packets=2 bytes=88 src=192.168.20.253 dst=60.242.51.252 sport=25 dport=2158 packets=1 bytes=48 [ASSURED] mark=0 secmark=0 use=1
....

mark=0 ????! What am I doing wrong?

regards

Brian

p.s.

kernel compiled with
CONFIG_NETFILTER=y
CONFIG_NETFILTER_DEBUG=y
CONFIG_NETFILTER_ADVANCED=y
CONFIG_NF_CONNTRACK=y
CONFIG_NF_CT_ACCT=y
CONFIG_NF_CONNTRACK_MARK=y
CONFIG_NF_CONNTRACK_SECMARK=y
CONFIG_NF_CONNTRACK_EVENTS=y




Brian Austin wrote:
Hi,
after some problems with attempt #1 at dual wan routing I have decided to start afresh. Unfortunately I have put the router in production so I need to be pretty careful now with what I do, so I thought to ask the clever people for some thoughts.

for my second attempt

I have my kernel 2.6.25.15 patched with http://www.ssi.bg/~ja/#routes.

I have two isp connections and I advertise my mail server (smtp & imap) on my first ISP connection, and my vpn connection on the other isp connection.

mail/imaps - isp1 --adslmodem1---192.168.20.x
                                       |
                               dual wan router --192.168.41.x-- mail (imaps) server is behind the wan router
                               (the wan router is also the vpn server
                                and smtp server)
                                       |
vpn        - isp2 --adslmodem2---192.168.19.x

I port forward through the adsl modems to the wan router, adslmodem1 port forwards mail 25,993 ports, adslmodem2 forwards openvpn port.

openvpn is served up by the dual wan router, as is smtp.

the imap mail is served up by the mail server behind the wan router, like this:

iptables -t nat -A PREROUTING -d 192.168.20.253 -i eth20 -p tcp -m tcp --dport 993 -j DNAT --to-destination 192.168.41.5:993


Now the problem I have at the moment is.

From the outside, I can only access services from one isp connection at a time. So if I VPN in, then I can't access my imaps mail.

Do I need to do some sort of packet marking to achieve this? So that packets from the same internet host can route out both wan connections simultaneously?

Pointers to example scripts or the right information to study would be appreciated.

regards

Brian

--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
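The mark=0 in the ip_conntrack dump is the connection mark (the one CONNMARK sets and ip_conntrack reports), not the per-packet mark that -j MARK sets, so a packet mark on its own never appears there. As an added example that is not from the thread, the following Python parses ip_conntrack lines and reports connections whose conntrack mark does not match an assumed policy (mark 2 for connections to 192.168.20.253); the policy table and the sample lines are constructed for illustration, the first sample line being the entry quoted above.

```python
# Assumed policy (not from the post): connections whose original destination
# is the ISP1-side address 192.168.20.253 must carry connection mark 2.
EXPECTED_MARKS = {"192.168.20.253": 2}

def parse_conntrack_line(line):
    """Parse one /proc/net/ip_conntrack line (2.6-era format):
    proto protonum timeout [state] k=v... [FLAG] k=v...
    First src=/dst= pair is the original direction, second the reply."""
    tokens = line.split()
    if len(tokens) < 4:
        raise ValueError("not a conntrack line: %r" % line)
    entry = {"proto": tokens[0], "timeout": int(tokens[2]), "state": None,
             "flags": [], "orig": {}, "reply": {}}
    kv = {}  # key -> values in order of appearance (src/dst occur twice)
    for tok in tokens[3:]:
        if tok.startswith("[") and tok.endswith("]"):
            entry["flags"].append(tok[1:-1])
            continue
        key, sep, val = tok.partition("=")
        if sep:
            kv.setdefault(key, []).append(val)
        elif entry["state"] is None and tok.isupper():
            entry["state"] = tok  # TCP state word; UDP lines have none
    for key in ("src", "dst", "sport", "dport"):
        vals = kv.get(key, [])
        if len(vals) == 2:
            entry["orig"][key], entry["reply"][key] = vals
    # mark= is the conntrack (CONNMARK) mark, not the per-packet mark that
    # -j MARK sets; -j MARK alone therefore leaves it at 0.
    entry["mark"] = int(kv.get("mark", ["0"])[0])
    return entry

def find_unmarked(lines, expected=EXPECTED_MARKS):
    """(orig src, orig dst, mark) for each connection whose conntrack mark
    differs from what the policy expects for its original destination."""
    bad = []
    for line in lines:
        if line.strip():
            e = parse_conntrack_line(line)
            want = expected.get(e["orig"].get("dst"))
            if want is not None and e["mark"] != want:
                bad.append((e["orig"]["src"], e["orig"]["dst"], e["mark"]))
    return bad

# Constructed sample: the post's entry, a correctly marked one, and a UDP flow.
SAMPLE = [
    "tcp 6 431997 ESTABLISHED src=60.242.51.252 dst=192.168.20.253 sport=2158 dport=25 packets=2 bytes=88 src=192.168.20.253 dst=60.242.51.252 sport=25 dport=2158 packets=1 bytes=48 [ASSURED] mark=0 secmark=0 use=1",
    "tcp 6 431999 ESTABLISHED src=60.242.51.252 dst=192.168.20.253 sport=2159 dport=993 packets=4 bytes=300 src=192.168.20.253 dst=60.242.51.252 sport=993 dport=2159 packets=3 bytes=200 [ASSURED] mark=2 secmark=0 use=1",
    "udp 17 29 src=10.0.0.5 dst=192.168.19.1 sport=1194 dport=1194 packets=1 bytes=80 [UNREPLIED] src=192.168.19.1 dst=10.0.0.5 sport=1194 dport=1194 packets=0 bytes=0 mark=0 use=1",
]
```

Feed it the real dump with find_unmarked(open("/proc/net/ip_conntrack")) on a box where that file exists; an empty result means every connection to the policed address carries the expected conntrack mark.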
