I am hoping that somebody else on the LARTC list has tried this and lived
through the pitfalls of using conntrack in this fashion--perhaps somebody
can even point out if I'm leading you down the wrong path.
I've used such a setup recently, worked fine and was 95% similar to what
you listed.
iptables -t nat -I PREROUTING -i $internal -s $intserver \
--match conntrack --ctorigdst $ip_t1 -j MARK --set-mark 1
iptables -t nat -I PREROUTING -i $internal -s $intserver \
--match conntrack --ctorigdst $ip_t2 -j MARK --set-mark 2
ip rule add from $intserver fwmark 1 table
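Here is the same idea written out as a complete script (an added example, not the poster's own rules): replies from the internal server are marked by the address the client originally connected to and routed back out the matching uplink. It assumes the MARK rules go in the mangle table rather than nat, and the server address, target addresses, gateways and table numbers 101/102 are constructed placeholders.

```shell
#!/bin/sh
# Added example: policy-route an internal server's replies over two uplinks
# according to the connection's original destination (--ctorigdst sees the
# address the client connected to, even if it was later DNATed to the server).
# Assumption: MARK is applied in the mangle table, not nat.
internal=${internal:-eth1}            # LAN interface facing the server
intserver=${intserver:-192.168.1.10}  # constructed: internal server address
ip_t1=${ip_t1:-192.0.2.1}             # constructed: public address on uplink 1
ip_t2=${ip_t2:-198.51.100.1}          # constructed: public address on uplink 2
gw1=${gw1:-192.0.2.254}               # constructed: gateway on uplink 1
gw2=${gw2:-198.51.100.254}            # constructed: gateway on uplink 2

# run: execute a command, or only print it when DRY_RUN is set.
run() {
    if [ -n "$DRY_RUN" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# mark_rule IP MARK: mark packets leaving the server whose connection was
# originally addressed to IP, so each reply carries its uplink's mark.
mark_rule() {
    run iptables -t mangle -A PREROUTING -i "$internal" -s "$intserver" \
        -m conntrack --ctorigdst "$1" -j MARK --set-mark "$2"
}

# policy_rule MARK TABLE GW: send fwmark MARK through TABLE, whose default
# route points at GW on the corresponding uplink.
policy_rule() {
    run ip route replace default via "$3" table "$2"
    run ip rule add from "$intserver" fwmark "$1" table "$2"
}

setup_split_routing() {
    mark_rule "$ip_t1" 1
    mark_rule "$ip_t2" 2
    policy_rule 1 101 "$gw1"
    policy_rule 2 102 "$gw2"
    run ip route flush cache   # older kernels need this after rule changes
}

# Apply with root privileges; DRY_RUN=1 prints the commands instead.
# setup_split_routing
```

Check the result with `iptables -t mangle -L PREROUTING -v` and `ip rule show`; the mark counters should only increase on the rule for the uplink the client actually used.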
I am working on a split route and ShoreWall system. I
reviewed the lartc documentation but have a few areas that I still need help
on.
Here is my network:
64.xxx.xxx.1/25 66.xxx.xxx.129/26
| |
#
# Eth2 64.xxx.xxx.2 eth0