Linux Netfilter discussions
From: Paulo Andre <pandre@darkstar.nom.za>
To: Pascal Hambourg <pascal.mail@plouf.fr.eu.org>
Cc: netfilter <netfilter@vger.kernel.org>
Subject: Re: conntrack ctstate - multiple ISP links
Date: Thu, 04 Oct 2007 16:53:28 +0200
Message-ID: <4704FE68.5000706@darkstar.nom.za>
In-Reply-To: <4704F180.5000200@plouf.fr.eu.org>

Pascal Hambourg wrote:
> [Please send your reply on the list so everyone can see it]
>
>> The incoming packets are not leaving out of the correct interfaces;
>> someone else has suggested that I need to use iptables as below:
>>
>> iptables -t mangle -N alreadyestablished
>> iptables -t mangle -A alreadyestablished -j CONNMARK --restore-mark
>>
>> iptables -t mangle -A PREROUTING -m connmark ! --mark 0 -j alreadyestablished
>> iptables -t mangle -A PREROUTING -m ctstate --conntrack NEW -i eth1 -j CONNMARK --set-mark 11
>> iptables -t mangle -A PREROUTING -m ctstate --conntrack NEW -i eth2 -j CONNMARK --set-mark 12
>>
>> and then iproute2 to route based on the 'mark'.
>> Would this be the correct solution?
>
> The principle is correct.
>
>> I am trying to get ctstate working so that I can test this
>
> The syntax is wrong. The correct syntax is "-m conntrack --ctstate NEW".
> Besides, this just does the same as "-m state --state NEW".

Would I have to do a CONNMARK --save-mark on the POSTROUTING for this to
work?
I have also followed this:
http://andthatsjazz.org:8/lartc/MultihomedLinuxNetworking.html
When I don't use the above rules the connection is made but the packets
leave the wrong interface; with the above rules the connection is not
made at all.

Paulo
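The CONNMARK plus policy-routing setup discussed in this thread, written out as an added example (not code from either poster) using the syntax Pascal corrected (`-m conntrack --ctstate NEW`); it also restores the mark in OUTPUT for replies the router generates itself. Interface names, gateway addresses, table numbers and rule priorities are assumed placeholders.

```shell
#!/bin/sh
# Added example, not from the thread: the CONNMARK + policy-routing pattern
# discussed above with the corrected syntax (-m conntrack --ctstate NEW).
# Interface names, gateway addresses and table numbers are assumed placeholders.
IPT=${IPT:-iptables}
IP=${IP:-ip}

# gen_rules prints the commands so they can be reviewed before being applied.
gen_rules() {
    cat <<EOF
# Restore the connection mark onto every packet of an already-marked connection.
$IPT -t mangle -N alreadyestablished
$IPT -t mangle -A alreadyestablished -j CONNMARK --restore-mark
$IPT -t mangle -A PREROUTING -m connmark ! --mark 0 -j alreadyestablished
# Tag new connections with the ISP link they arrived on (marks 11/12 as in the thread).
$IPT -t mangle -A PREROUTING -m conntrack --ctstate NEW -i eth1 -j CONNMARK --set-mark 11
$IPT -t mangle -A PREROUTING -m conntrack --ctstate NEW -i eth2 -j CONNMARK --set-mark 12
# Replies the router generates itself never traverse PREROUTING, so restore the
# mark in OUTPUT too; the kernel re-routes a packet whose mark changes here.
$IPT -t mangle -A OUTPUT -m connmark ! --mark 0 -j CONNMARK --restore-mark
# Policy routing: marked packets use a per-ISP table (assumed gateways/tables).
$IP route add default via 192.0.2.1 dev eth1 table 11
$IP route add default via 198.51.100.1 dev eth2 table 12
$IP rule add fwmark 11 table 11 priority 100
$IP rule add fwmark 12 table 12 priority 101
# Strict reverse-path filtering (rp_filter=1) on eth1/eth2 can discard asymmetrically
# routed packets; check /proc/sys/net/ipv4/conf/*/rp_filter if connections fail.
EOF
}

# Usage: "sh multiisp.sh show" prints the commands; "sh multiisp.sh apply" runs them (root).
case "${1:-}" in
    show)  gen_rules ;;
    apply) gen_rules | sh -e ;;
esac
```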

Thread overview: 4+ messages
2007-10-04  8:29 conntrack ctstate - multiple ISP links Paulo Andre
2007-10-04 10:33 ` Pascal Hambourg
     [not found]   ` <4704EB43.2000902@darkstar.nom.za>
2007-10-04 13:58     ` Pascal Hambourg
2007-10-04 14:53       ` Paulo Andre [this message]
