Daniel Chemko
2004-03-02 20:18:46 UTC
Does anyone know if these two technologies are compatible?
I am using CONNMARK to do policy routing. I use it to select which WAN
interface the packet will leave the system. It seems that CONNMARK
doesn't mark related traffic. This makes it very hard to implement what
I am trying to do.
My rules are as follows:
${IPTABLES} -t mangle -A PREROUTING --source ${_fip} --destination
${_sip} -p ${_proto} -j CONNMARK --set-mark ${_fwmark} -m mark --mark 0
This rule is what I use to select which traffic goes through which
interface. Since state established can't be matched on what initially
evoked it (like saying "if this packet is established and was
established by FTP from X to Y").
In a NAT situation, how would I route FTP for example so that all the
related sessions are routed back to the same interface. I don't want a
broad rule that just matches all RELATED rules.
Any hints?
I am using CONNMARK to do policy routing. I use it to select which WAN
interface the packet will leave the system. It seems that CONNMARK
doesn't mark related traffic. This makes it very hard to implement what
I am trying to do.
My rules are as follows:
${IPTABLES} -t mangle -A PREROUTING --source ${_fip} --destination
${_sip} -p ${_proto} -j CONNMARK --set-mark ${_fwmark} -m mark --mark 0
This rule is what I use to select which traffic goes through which
interface. Since state established can't be matched on what initially
evoked it (like saying "if this packet is established and was
established by FTP from X to Y").
In a NAT situation, how would I route FTP for example so that all the
related sessions are routed back to the same interface. I don't want a
broad rule that just matches all RELATED rules.
Any hints?