[LARTC] exporting service on multiple wan
Salim S I
salim.si at cipherium.com.tw
Fri Oct 19 07:36:13 CEST 2007
Sorry, I forgot for a moment it was DMZ.
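In mangle PREROUTING:
    iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
    iptables -t mangle -A PREROUTING -m mark --mark 0x0 -i WAN1 -j CONNMARK --set-mark 0x1
    iptables -t mangle -A PREROUTING -m mark --mark 0x0 -i WAN2 -j CONNMARK --set-mark 0x2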
Two routing tables, one for each mark.
-----Original Message-----
From: lartc-bounces at mailman.ds9a.nl
[mailto:lartc-bounces at mailman.ds9a.nl] On Behalf Of Mohan Sundaram
Sent: Friday, October 19, 2007 12:09 PM
To: 'LARTC'
Subject: Re: [LARTC] exporting service on multiple wan
Salim S I wrote:
> How about conn-marking the (NEW state) packets in POSTROUTING?
>
Would probably need to use conntrack ESTABLISHED,DNAT and ROUTE
directive for packets coming from LAN to make sure packet goes out from
the same interface it came on.
Mohan
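
The setup from the reply at the top (connection marks set in mangle PREROUTING, plus "two routing tables, one for each mark"), as an added example that is not part of the original thread. The function names, the IFACE:GATEWAY argument format, the table numbers 101/102 and the gateway addresses (documentation ranges) are assumptions made for illustration; WAN1 and WAN2 are the placeholder interface names used in the post. The script only prints the commands and does not execute them.

```shell
#!/bin/sh
# Added example: print the iptables/ip commands for N WAN links.
# Nothing is executed; review the output before running it as root.

# multiwan_rules IFACE:GATEWAY [IFACE:GATEWAY ...]
# The n-th link gets connection mark n and routing table 100+n (assumed numbering).
multiwan_rules() {
    # Copy the saved connection mark onto each packet first. Replies coming
    # back from the DMZ server then carry the mark of the WAN the connection
    # originally arrived on.
    echo "iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark"
    n=0
    for spec in "$@"; do
        case $spec in
            *:*) ;;
            *) echo "bad spec (want IFACE:GATEWAY): $spec" >&2; return 1 ;;
        esac
        n=$((n + 1))
        iface=${spec%%:*}
        gw=${spec#*:}
        mark=$(printf '0x%x' "$n")   # never 0x0, which means "not yet marked"
        table=$((100 + n))
        # Packet still unmarked after the restore: it belongs to a new
        # connection, so tag the connection with the WAN it came in on.
        echo "iptables -t mangle -A PREROUTING -m mark --mark 0x0 -i $iface -j CONNMARK --set-mark $mark"
        # One routing table per mark ...
        echo "ip rule add fwmark $mark table $table"
        # ... whose default route leaves through that same WAN.
        echo "ip route add default via $gw dev $iface table $table"
    done
}

# Constructed sample input: two uplinks with documentation-range gateways.
multiwan_rules WAN1:192.0.2.1 WAN2:198.51.100.1
```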