On Fri, 13 Jan 2012 09:22:04 -0600, Dimitri Yioulos <dyioulos@xxxxxxxxxxxxx> wrote:
> Er, sorry, seems like I don't even remember my own network scheme.
> Internal LAN addresses are 192.168.100.0/22, and internal DMZ
> addresses are 192.168.1.0/24. (The 10.x.x.x addresses are used
> by our VPN.)

Again, I think you will have to use connection marking/mark restore as I detailed in a previous post. I don't believe that "ip rule add from x.x.x.x fwmark 1" will work when NAT is used. Andy or another of the experts here may have comments on this. Otherwise, I think you can go ahead and try implementing your multi-uplink firewall based on the advice Andy and I have offered.
--
Lloyd