Ramin,

Can't we use the mark packet feature in the mangle table and then use the fwmark feature of iproute in Linux and route the packet to the correct default gateway?

Subodh Shrivastava

On Thu, May 23, 2002 at 11:54:38PM +0200, Marc SCHAEFER wrote:
> So, it works very fine now (some problem with the router), I can do my
> double-rewriting of addresses. The packets go out on the wrong interface,
> though, but this seems to work anyway as the ISP doesn't do any sensible
> filtering.

They'll not be doing that any time soon. Don't worry :-)

> If someone is interested, I would be glad to see if there is any method to
> route the packets correctly without losing the external addresses in the
> inside, and without requiring a second IP address on the internal machine
> (the proposed marker solution would lose the external addresses).

As I said, use your imagination and come up with a solution and let us know.
Eg, some broken IP stack would copy the TTL of the original packet so in
that case you could play with the TTL to identify the connection class. I'll
think about it when I find some spare time :-)

Ramin

> In my mind, it must be possible, since the connections, AFAIK, are tracked
> as soon as DNAT is used. It's not urgent, but it would surely interest me.
>
> The resulting scripts are in:
>
> http://www-internal.alphanet.ch/~schaefer/nf_firewall/
>
> Thanks for help Antony and Ramin!
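One way to combine the mangle-table mark and the iproute fwmark rule discussed in this thread, added here as an example and not taken from any poster's scripts: the connection is marked when it arrives on an uplink, and the mark is restored on packets coming back from the inside so they route out through the same gateway. It assumes a kernel and iptables with the CONNMARK target and connmark match; the interface names, addresses, marks and table numbers are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): print the commands for one uplink.
# All interface names, addresses, marks and table numbers are assumptions.

# policy_routing_cmds MARK TABLE EXT_IF GATEWAY INT_IF
# Prints, without executing, the rules that send replies for connections
# that arrived on EXT_IF back out through GATEWAY.
policy_routing_cmds() {
    mark=$1 table=$2 ext_if=$3 gw=$4 int_if=$5

    # Accept only decimal digits; reject a bare 0, which means "unmarked".
    case "$mark" in ''|*[!0-9]*|0) echo "bad mark: $mark" >&2; return 1 ;; esac
    case "$table" in ''|*[!0-9]*|0) echo "bad table: $table" >&2; return 1 ;; esac
    [ -n "$ext_if" ] && [ -n "$gw" ] && [ -n "$int_if" ] || return 1

    # 1. Tag new connections by the uplink they entered on (stored in conntrack).
    # 2. Copy that tag onto packets of the same connection arriving from inside.
    # 3. Per-uplink routing table with its own default gateway.
    # 4. Packets carrying the mark consult that table.
    cat <<EOF
iptables -t mangle -A PREROUTING -i $ext_if -m conntrack --ctstate NEW -j CONNMARK --set-mark $mark
iptables -t mangle -A PREROUTING -i $int_if -m connmark --mark $mark -j CONNMARK --restore-mark
ip route add default via $gw dev $ext_if table $table
ip rule add fwmark $mark table $table
EOF
}

# Constructed sample: two uplinks (documentation addresses), internal side on eth0.
policy_routing_cmds 1 101 eth1 192.0.2.1 eth0
policy_routing_cmds 2 102 eth2 198.51.100.1 eth0
```

The script only prints the commands so they can be reviewed before being run as root. Because the mark lives in the connection-tracking entry rather than in rewritten addresses, no SNAT is needed on the inside for this step.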
