[LARTC] Fwd: Inbound and outbound traffic problem
Janis Daniel Bistevins
bistevins at gmail.com
Wed Dec 21 12:56:41 CET 2005
Thanks Michael for your answer!
I finally did it in a way similar to what you described. Marking packets and
using nat. BUT everything started working great when I found a little detail:
echo "0" > /proc/sys/net/ipv4/conf/eth1/rp_filter
echo "0" > /proc/sys/net/ipv4/conf/eth2/rp_filter
Without this, things were confused.
Where does this come from? I found this trick in a HowTo from a Spanish site:
http://bulma.net/body.phtml?nIdNoticia=1615
Nowhere else!
So, is what I did a common mistake? Is this assumed by default in every
configuration and because of this, there are no comments about this in any
other tutorial or howto?
Anyway, once again Mike, thank you!!
Best regards
J.D.Bistevins
On 12/20/05, Michael Davidson <michael at bbd.co.za> wrote:
>
> Hi,
> There is another way to do this, but I doubt that it is any more
> elegant than what you have right now. I have just completed this same
> task and I can say that if I could have used your method - overlaying
> another subnet - I would have done so since it's a cleaner solution in my
> view.
>
> I used iptables to "mark" the packets of the flows that were generated
> by the server (WWW).
> I created a second routing table with its own default route.
> I created an "ip rule" which looks for a "mark" on the packets and
> directs those packets to the new routing table.
>
> Keep in mind, for this to work correctly you need to be using NAT or
> Masquerade on at least one of your ISP ports.
>
> Regards Mike
>
>
>
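
The following is an added example, not part of either poster's message: a small Python model of the reverse-path check applied to the mark-based routing described in this thread, showing why strict rp_filter rejects traffic arriving on the second ISP interface and how loose mode or src_valid_mark compares with switching the check off. The interface names eth1 and eth2 come from the thread; the addresses, the table name "isp2" and the mark value 2 are constructed assumptions.

```python
import ipaddress

# Constructed setup: the main table defaults to ISP 1 on eth1; table "isp2"
# (hypothetical name) defaults to ISP 2 on eth2 and is selected by fwmark 2.
TABLES = {
    "main": [("192.0.2.0/24", "eth1"), ("198.51.100.0/24", "eth2"),
             ("0.0.0.0/0", "eth1")],
    "isp2": [("0.0.0.0/0", "eth2")],
}
RULES = [(2, "isp2"), (None, "main")]  # (fwmark selector or None, table)


def lookup(addr, mark=0):
    """Output device for addr: first matching rule, longest prefix in its table."""
    ip = ipaddress.ip_address(addr)
    for selector, table in RULES:
        if selector is not None and selector != mark:
            continue
        hits = [(ipaddress.ip_network(p), dev) for p, dev in TABLES[table]
                if ip in ipaddress.ip_network(p)]
        if hits:
            return max(hits, key=lambda h: h[0].prefixlen)[1]
    return None


def rp_filter_accepts(src, in_dev, mode, pkt_mark=0, src_valid_mark=False):
    """Model of the reverse-path check: mode 0 = off, 1 = strict, 2 = loose."""
    if mode == 0:
        return True
    # The packet mark takes part in the reverse lookup only with src_valid_mark=1,
    # and only if the mark was set before the routing decision (mangle PREROUTING).
    back_dev = lookup(src, pkt_mark if src_valid_mark else 0)
    if mode == 2:
        return back_dev is not None   # any route back to the source is enough
    return back_dev == in_dev         # strict: route back must use the same device


if __name__ == "__main__":
    client = "203.0.113.50"  # constructed Internet client arriving via ISP 2
    for mode in (1, 2, 0):
        ok = rp_filter_accepts(client, "eth2", mode)
        print(f"rp_filter={mode}: packet on eth2 accepted = {ok}")
    print("strict + src_valid_mark, mark 2:",
          rp_filter_accepts(client, "eth2", 1, pkt_mark=2, src_valid_mark=True))
```

On current kernels the value in effect for an interface is the maximum of conf/all/rp_filter and conf/<interface>/rp_filter, so both need checking when verifying what a host actually enforces.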