iproute/iptables best?

iproute/iptables best?

[Gene Heskett]

Scenario:

1 machine, two net cards, two networks

How can we make the reply to an action go back out through the route 
it came in on?  As it exists, queries, ssh sessions etc coming in 
thru a vpn from one router are being replied to on the default 
gateways card that hits the other network.

Is iptables the best tool, or is iproute2 the best tool to do this?

Pointers to good docs etc appreciated.  Thanks.

-- 
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
99.34% setiathome rank, not too shabby for a WV hillbilly
Yahoo.com and AOL/TW attorneys please note, additions to the above
message by Gene Heskett are:
Copyright 2005 by Maurice Eugene Heskett, all rights reserved.

Re: iproute/iptables best?

[bert hubert]

On Wed, Apr 13, 2005 at 11:35:12PM -0400, Gene Heskett wrote:
> How can we make the reply to an action go back out through the route 
> it came in on?  As it exists, queries, ssh sessions etc coming in 
> thru a vpn from one router are being replied to on the default 
> gateways card that hits the other network.

Sometimes Linux can't (and shouldn't) figure out the "right" interface. In
this case, you need policy routing:

http://lartc.org/howto/lartc.rpdb.multiple-links.html
http://lartc.org/howto/lartc.rpdb.html

Good luck!

-- 
http://www.PowerDNS.com      Open source, database driven DNS Software 
http://netherlabs.nl              Open and Closed source services

Re: iproute/iptables best?

[Chris Friesen]

bert hubert wrote:
> On Wed, Apr 13, 2005 at 11:35:12PM -0400, Gene Heskett wrote:
> 
>>How can we make the reply to an action go back out through the route 
>>it came in on?
> 
> Sometimes Linux can't (and shouldn't) figure out the "right" interface. In
> this case, you need policy routing:

Yep.  iproute2 with policy routing should handle it.  I've been using it 
for about 4 years now.

Chris