Howzit guys,

I have a question that has been boggling my mind:

I have 2 servers (firewalls): 1 server connected to the main ISP and another to another ISP (only certain traffic, 195.0.0.0/8).

Server 1 to main ISP:

lan: eth0 192.168.1.0/24
outside: eth1 196.15.203.194/30 gw 196.15.203.193
DMZ: eth3 196.16.202.209/28 (mailservers etc.)
(I have a lot more subnets, but it is not necessary to use them here)
private: eth4 10.0.10.2/24

Server 2 to second ISP (only certain IPs route through that):

# network 195.0.0.0/8 must route through here
outside: eth1 10.0.1.35/24
private: eth0 10.0.10.1/24

I use `ip rule add fwmark` and `iptables -t mangle PREROUTING` to route packets marked for 195.0.0.0/8 through 10.0.10.1/32. I masquerade the packets leaving eth1 on server 2 to 195.0.0.0/8.

I want my DMZ section to be able to route to that network as well via 10.0.10.1. Obviously, when a packet from 195.0.0.0/8 sends me a mail, it comes in on server 1 (via the internet) and should go back out server 1 (with src routing enabled).

My question: with src routing enabled, if I mark packets using

`iptables -t mangle -A PREROUTING -i eth3 -s 196.16.202.209/28 -p all -j MARK --set-mark 888`

will packets coming from 195.0.0.0 then be routed through server 2? It won't work then, because it's not src routed?

When I start a download or something from the mailserver in the DMZ zone, it goes out via server 2, but will packets which originate from 195.0.0.0/8 via the internet be routed out through server 1 again with my src routing enabled?

I tried to explain it quite clearly, hope it's understandable.

Hope you guys can help.

Thanks
Jandre

--
Regards
Jandre
"Some people are alive only because it is illegal to kill them."

_______________________________________________
LinuxManagers mailing list - http://www.linuxmanagers.org
submissions: LinuxManagers@xxxxxxxxxxxxxxxxx
subscribe/unsubscribe: http://www.linuxmanagers.org/mailman/listinfo/linuxmanagers