On Wed, Jan 23, 2013 at 05:47:02PM -0300, Roberto Scattini wrote:
> I also tried a different approach, found somewhere with Google, that is
> more in line with my understanding of the problem.
> Basically, it marks the packets so they can be routed back to the same NIC
> they came in on:
>
> ip route flush table T1
> ip rule del fwmark 101 table T1
> ip route add table T1 default via YY.20.YY.3
> ip rule add fwmark 101 table T1
> ip route flush table T2
> ip rule del fwmark 102 table T2
> ip route add table T2 default via XX.220.XX.178
> ip rule add fwmark 102 table T2
>
> # Ensure traffic in one interface goes back out the same interface
> iptables -t mangle -F PREROUTING
> iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
> iptables -t mangle -A PREROUTING -m mark ! --mark 0 -j ACCEPT
> iptables -t mangle -A PREROUTING -i eth4 -m state --state NEW -j MARK --set-mark 101
> iptables -t mangle -A PREROUTING -i eth3 -m state --state NEW -j MARK --set-mark 102
Possibly a silly question, but something you might have overlooked: what does your nat table look like? Are you forwarding the traffic from eth4 to your web server?

Cheers,
Tom

--
"Rights" is a fictional abstraction. No one has "Rights", neither machines nor flesh-and-blood. Persons... have opportunities, not rights, which they use or do not use.
-- Lazarus Long
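The fwmark/CONNMARK return-path set-up quoted in the thread, as an added example that is neither Roberto's script nor a reply from the list: the same steps wrapped in functions with a dry-run mode, plus the CONNMARK --save-mark step that the quoted script leaves out and a dump of the nat table Tom asks about. The function names, DRY_RUN variable and gateway addresses are assumptions/constructed values.

```shell
#!/bin/sh
# Added example; not the original poster's script. DRY_RUN=1 (default) prints
# each command instead of running it, so the rule set can be reviewed before it
# touches a live router. Function names and addresses are constructed.
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# setup_return_path MARK TABLE GATEWAY: one routing table per uplink,
# consulted only for packets that carry MARK.
setup_return_path() {
    run ip route flush table "$2"
    run ip rule del fwmark "$1" table "$2" || true   # rule is absent on first run
    run ip route add table "$2" default via "$3"
    run ip rule add fwmark "$1" table "$2"
}

# Shared head of the mangle chain: restore the connection mark and stop
# processing packets that already carry one (established flows).
mangle_begin() {
    run iptables -t mangle -F PREROUTING
    run iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
    run iptables -t mangle -A PREROUTING -m mark ! --mark 0 -j ACCEPT
}

# mark_ingress IFACE MARK: tag new connections by the interface they arrive on.
mark_ingress() {
    run iptables -t mangle -A PREROUTING -i "$1" -m state --state NEW -j MARK --set-mark "$2"
}

# Copy the fresh packet mark onto the connection. Without this the connection
# never carries a mark, --restore-mark restores 0, and forwarded reply packets
# are routed by the main table instead of back out the ingress uplink.
mangle_end() {
    run iptables -t mangle -A PREROUTING -m mark ! --mark 0 -j CONNMARK --save-mark
}

# Dump the nat table: the piece of the picture the reply asks about.
show_nat() { run iptables -t nat -S; }

setup_return_path 101 T1 192.0.2.1     # constructed gateway for eth4
setup_return_path 102 T2 198.51.100.1  # constructed gateway for eth3
mangle_begin
mark_ingress eth4 101
mark_ingress eth3 102
mangle_end
show_nat
```

Run with DRY_RUN=0 as root to apply the rules for real.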