On Mon, 3 Jun 2002, Jozsef Kadlecsik wrote:

> Actually, I'm surprised that at some time it worked.

So am I ;)

> What you want to achieve can be done by using Henrik Nordstrom's CONNMARK
> patch from patch-o-matic.

Thanks!! I've installed CONNMARK and got that working nicely.

In the following config I'm marking connections incoming on eth2 to ensure
replies go via eth2:-

iptables -A PREROUTING -i eth2 -t mangle -j CONNMARK --set-mark 1

Check if connmark is set and, if true, set the normal fwmark.
I assumed the mark connmark set was the standard one set by mark but this
doesn't seem to be the case?

iptables -A PREROUTING -t mangle -m connmark --mark 1 -j MARK --set-mark 1

Then take predefined route via eth2:-

ip rule add from 1.2.3.0/28  fwmark 1 table wan

This works nicely and allows my desktops to route their normal outgoing
traffic via the NAT'd broadband connection but also respond to requests
via the public routed subnet they sit on.

Steve.
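
The three rules above, carried through as a complete setup (an added example, not code from Steve's post or from netfilter). It keeps the same idea: connections arriving on eth2 get a connection mark, the connection mark is copied onto each packet of those connections as an fwmark, and an ip rule sends marked packets from the public subnet out through a dedicated table. The copy step uses `CONNMARK --restore-mark`, which does in one rule what the connmark match plus MARK target does in the post; the two marks really are separate fields, and `ip rule` only ever sees the packet mark. Assumed, not taken from the original: the gateway 1.2.3.1 on the public subnet and the table name `wan` (which has to exist in /etc/iproute2/rt_tables, e.g. `100 wan`). With DRY_RUN=1 (the default) the script only prints the commands it would run.

```shell
#!/bin/sh
# Added example, not from the original post: CONNMARK + policy routing so that
# replies to connections that entered on the public interface leave by it,
# while the desktops' own outgoing traffic still takes the default (NAT'd) route.
#
# Assumed values (not from the original post): the public subnet and its
# gateway, and the "wan" table name, which must exist in /etc/iproute2/rt_tables.
WAN_IF="${WAN_IF:-eth2}"
PUBLIC_NET="${PUBLIC_NET:-1.2.3.0/28}"
WAN_GW="${WAN_GW:-1.2.3.1}"
WAN_TABLE="${WAN_TABLE:-wan}"
MARK="${MARK:-1}"

# DRY_RUN=1 (default) prints each command instead of executing it, so the
# rule set can be reviewed offline; DRY_RUN=0 applies it (needs root).
run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Connection marking. The connection mark (CONNMARK) and the packet mark
# (MARK / fwmark) are different fields: ip rule only matches the packet mark,
# so the connection mark has to be copied onto each packet.
mark_rules() {
    # New connections entering on the public interface get connection mark 1.
    run iptables -t mangle -A PREROUTING -i "$WAN_IF" -m state --state NEW \
        -j CONNMARK --set-mark "$MARK"
    # Every packet of a marked connection, including the desktops' replies
    # (which enter on the LAN side), gets the connection mark as its fwmark.
    run iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
}

# Policy routing: marked packets from the public subnet use the "wan" table,
# whose default route points out of the public interface.
route_rules() {
    run ip route add default via "$WAN_GW" dev "$WAN_IF" table "$WAN_TABLE"
    run ip rule add from "$PUBLIC_NET" fwmark "$MARK" table "$WAN_TABLE"
    run ip route flush cache
}

# Count of commands the setup emits, for a quick sanity check of the rule set.
rule_count() {
    ( DRY_RUN=1; mark_rules; route_rules ) | grep -c '^i'
}

mark_rules
route_rules
```

Order matters in PREROUTING: the `--set-mark` rule must come before `--restore-mark`, otherwise the first packet of a new connection is routed before its connection is marked. To confirm marks are being applied, `iptables -t mangle -L PREROUTING -v -n` shows per-rule packet counters and `ip rule show` lists the fwmark rule.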

