Le 25/02/2013 15:28, Daniel huhardeaux a écrit :
Hello,
I'm running a Debian Squeeze with iptables 1.4.8. The server has 3
physical interfaces, local one (eth2) being bridged as br0. Both other
interfaces are connected too 2 providers in ADSL (eth0) and SDSL (eth1).
Default route is going out through eth1. Two computers are going out
using eth1, ip rule make this setup working.
What I want now, is to mark packets 0x1 for eth0 0x2 (or nothing) for
eth1, so I will be able to use the links by services for instane (like
ssh and http connections going out using eth0, doesn't matter which
computer) rest of traffic using the default route.
I got it, for archives. Two problems:
. -J CONNMARK doesn't do the job as -j MARK does
. have to deativate reverse path filtering which protect from IP
spoofing ( /etc/sysctl.conf net.ipv4.conf.all.rp_filter =0)
More info here
http://www.sysresccd.org/Sysresccd-Networking-EN-Iptables-and-netfilter-load-balancing-using-connmark
Regards
--
TOOTAi
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
