On 4 July 2012 13:59, Manuel Wolfshant <[email protected]> wrote:
> On 07/04/2012 03:46 PM, John Haxby wrote:
>
>> Loose mode reverse path filtering isn't usually recommended, though, not
>> least because asymmetric routing can mess up TCP's flow control. I keep
>> hoping that someone will post a succinct guide to having packets route back
>> through the interface they came in on (I know it can be done, I've just
>> never sat down and worked it out in detail.)
>
> EXTERNAL_INTERFACE1="eth1.5"
> EXTERNAL_INTERFACE2="eth1.6"
> $IPTABLES -t mangle -A PREROUTING -j CONNMARK --restore-mark
> $IPTABLES -t mangle -A PREROUTING -i "$EXTERNAL_INTERFACE1" -j MARK --set-mark 2
> $IPTABLES -t mangle -A PREROUTING -i "$EXTERNAL_INTERFACE2" -j MARK --set-mark 3
> $IPTABLES -t mangle -A POSTROUTING -j CONNMARK --save-mark
>
> [root@mail ~]# grep mark /etc/sysconfig/network-scripts/rule-eth*
> /etc/sysconfig/network-scripts/rule-eth1.5:fwmark 2 table T1
> /etc/sysconfig/network-scripts/rule-eth1.6:fwmark 3 table T2
>
> The rest is left as exercise for the reader

Thank you very much!

jch
--
Phear the Penguin

_______________________________________________
rhelv6-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/rhelv6-list
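
The following is an added example, not part of the original thread: a dry-run script that prints the connmark rules quoted above together with the per-uplink routing tables the `fwmark` rules depend on. The gateway addresses, table ids, the extra `OUTPUT` restore-mark rule, and the names `UPLINKS`, `run`, `rt_tables_lines`, `mangle_rules` and `routing_plan` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Constructed values: gateways 192.0.2.1 / 198.51.100.1 and
# table ids 101 / 102. Interfaces, marks and table names are from the thread.
IPTABLES=${IPTABLES:-iptables}

# One uplink per line: interface fwmark table-name table-id gateway
UPLINKS='eth1.5 2 T1 101 192.0.2.1
eth1.6 3 T2 102 198.51.100.1'

# Print every command; execute it only when APPLY=1 (requires root).
run() {
    printf '%s\n' "$*"
    if [ "${APPLY:-0}" = 1 ]; then "$@"; fi
}

# Lines that must exist in /etc/iproute2/rt_tables before T1/T2 can be used.
rt_tables_lines() {
    echo "$UPLINKS" | while read -r _ifc _mark name id _gw; do
        printf '%s %s\n' "$id" "$name"
    done
}

# The thread's mangle rules, plus restore-mark in OUTPUT (an addition here):
# replies generated on the box itself never pass through PREROUTING.
mangle_rules() {
    run "$IPTABLES" -t mangle -A PREROUTING -j CONNMARK --restore-mark
    run "$IPTABLES" -t mangle -A OUTPUT -j CONNMARK --restore-mark
    echo "$UPLINKS" | while read -r ifc mark _name _id _gw; do
        run "$IPTABLES" -t mangle -A PREROUTING -i "$ifc" -j MARK --set-mark "$mark"
    done
    run "$IPTABLES" -t mangle -A POSTROUTING -j CONNMARK --save-mark
}

# Per-uplink table with its own default route, selected by the fwmark rule
# (runtime equivalent of the rule-eth1.5 / rule-eth1.6 files shown above).
routing_plan() {
    echo "$UPLINKS" | while read -r ifc mark name _id gw; do
        run ip route add default via "$gw" dev "$ifc" table "$name"
        run ip rule add fwmark "$mark" table "$name"
    done
}

rt_tables_lines
mangle_rules
routing_plan
```

Run as-is it only prints the plan; with `APPLY=1` and root it executes the commands, after the `rt_tables_lines` output has been appended to `/etc/iproute2/rt_tables`.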
