On Fri, 13 Jan 2012 09:22:04 -0600, Dimitri Yioulos <dyioulos@xxxxxxxxxxxxx> wrote:
Er, sorry, seems like I don't even remember my own network scheme. Internal LAN addresses are 192.168.100.0/22, and internal DMZ addresses are 192.168.1.0/24. (The 10.x.x.x addresses are used by our VPN.)
Again, I think you will have to use connection marking/mark restore as I detailed in a previous post. I don't believe that "ip rule add from x.x.x.x fwmark 1" will work when nat is used. Andy or another of the experts here may have comments on this. Otherwise, I think you can go ahead and try implementing your multi-uplink firewall based on the advice Andy and I have offered.
-- Lloyd