From: Dimitri Yioulos <dyioulos@onpointfc.com>
To: "netfilter@vger.kernel.org" <netfilter@vger.kernel.org>
Subject: Re: Dual WAN set-up
Date: Mon, 16 Jan 2012 16:43:37 -0500 [thread overview]
Message-ID: <201201161643.38037.dyioulos@onpointfc.com> (raw)
On Monday 16 January 2012 3:28:14 pm you wrote:
> On Mon, 16 Jan 2012 08:56:23 -0600, Dimitri Yioulos
<dyioulos@onpointfc.com> wrote:
> > Before I commit this new set-up, I'd like to post the
> > ste-by-step instructions I wrote up for your kind review:
>
> I don't quite understand your network configuration, but the
> ideas we provided on split-access to uplinks should adaptable
> to any situation.
>
> > Under this set-up, don't I need to add POSTROUTING AND
> > FORWARDING rules? Sorry for my stupidity, but I set the
> > original up a long time ago, and certainly don't know all
> > there is to know. Your continued patience and support are
> > greatly appreciated.
>
> The PREROUTING chain of the mangle table will handle the
> marking of new connection packets as well as recovery of the
> connection mark to the packet mark. There should be no other
> iptables stuff required to mark the packets, and "ip rule add
> fwmark..." will handle sending the marked packets to the right
> routing table.
>
> I think you are doing SNAT, which uses POSTROUTING chain. You
> you will want to keep that.
>
> Others here are much more knowledgeable and may have more
> comments. --
> Lloyd
Thanks, Lloyd. Sorry if I'm being a pita. I think what I'll do
is follow your instructions, but liven up a test server first
(doh :-) ). Of course, if that works, the rest is cake. If it
doesn't, hopefully I'll have some error messages/more information
to post back so that we can do some troubleshooting. Sound
reasonable?
Dimitri
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
next reply other threads:[~2012-01-16 21:43 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-01-16 21:43 Dimitri Yioulos [this message]
-- strict thread matches above, loose matches on Subject: below --
2012-01-12 21:51 Dual WAN set-up Dimitri Yioulos
2012-01-12 22:28 ` Andrew Beverley
2012-01-12 22:48 ` Dimitri Yioulos
2012-01-13 7:18 ` Andrew Beverley
2012-01-12 23:08 ` Lloyd Standish
2012-01-12 23:12 ` Lloyd Standish
2012-01-12 23:22 ` Dimitri Yioulos
2012-01-12 23:19 ` Dimitri Yioulos
2012-01-13 0:52 ` Lloyd Standish
2012-01-13 7:25 ` Andrew Beverley
2012-01-13 11:47 ` Dimitri Yioulos
2012-01-13 14:17 ` Lloyd Standish
2012-01-13 15:17 ` Dimitri Yioulos
2012-01-13 15:22 ` Dimitri Yioulos
2012-01-14 2:27 ` Lloyd Standish
[not found] ` <201201160956.23955.dyioulos@onpointfc.com>
2012-01-16 20:28 ` Lloyd Standish
2012-01-13 20:00 ` Lloyd Standish
2012-01-13 20:04 ` Dimitri Yioulos
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=201201161643.38037.dyioulos@onpointfc.com \
--to=dyioulos@onpointfc.com \
--cc=netfilter@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.