Ramin, can't we use the mark packet feature in the mangle table and then use the fwmark feature of iproute in Linux and route the packet to the correct gateway?
Subodh Shrivastava

--- Ramin Alidousti <[EMAIL PROTECTED]> wrote:
> On Thu, May 23, 2002 at 11:54:38PM +0200, Marc SCHAEFER wrote:
>
> > So, it works very fine now (some problem with the router), I can do my
> > double-rewriting of addresses. The packets go out on the wrong interface,
> > though, but this seems to work anyway as the ISP doesn't do any sensible
> > filtering.
>
> They'll not be doing that any time soon. Don't worry :-)
>
> > If someone is interested, I would be glad to see if there is any method to
> > route the packets correctly without losing the external addresses in the
> > inside, and without requiring a second IP address on the internal machine
> > (the proposed marker solution would lose the external addresses).
>
> As I said, use your imagination and come up with a solution and let us
> know. Eg, some broken IP stack would copy the TTL of the original packet
> so in that case you could play with the TTL to identify the connection
> class.
>
> I'll think about it when I find some spare time :-)
>
> Ramin
>
> > In my mind, it must be possible, since the connections, AFAIK, are tracked
> > as soon as DNAT is used. It's not urgent, but it would surely interest me.
> >
> > The resulting scripts are in:
> >
> > http://www-internal.alphanet.ch/~schaefer/nf_firewall/
> >
> > Thanks for help Antony and Ramin!
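
The approach suggested at the top of this message (MARK in the mangle table, then an fwmark rule in iproute), as an added example that is not part of the original thread. The mark value, table number, interface names and addresses are assumptions, and the script only prints the commands unless APPLY=1 is set:

```shell
#!/bin/sh
# Added example: fwmark policy routing on a Linux router with two uplinks.
# Every value passed in at the bottom (mark, table number, gateway,
# interfaces, subnet) is an assumption using documentation addresses.

# Dry run by default: print each command. Run as root with APPLY=1 to execute.
run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else printf '%s\n' "$*"; fi
}

# fwmark_route MARK TABLE GATEWAY OUT_DEV IN_DEV SRC_NET
fwmark_route() {
    mark=$1 table=$2 gw=$3 out_dev=$4 in_dev=$5 src=$6

    # 1. mangle/PREROUTING runs before the routing decision, so the mark
    #    set here is visible to the "ip rule" lookup below.
    run iptables -t mangle -A PREROUTING -i "$in_dev" -s "$src" \
        -j MARK --set-mark "$mark"

    # 2. Separate routing table whose only route is the second gateway.
    run ip route add default via "$gw" dev "$out_dev" table "$table"

    # 3. Marked packets consult that table instead of the main one.
    run ip rule add fwmark "$mark" table "$table"

    # 4. Replies arrive on OUT_DEV although the main table points elsewhere;
    #    strict reverse-path filtering would drop them, so use loose mode.
    run sysctl -w "net.ipv4.conf.$out_dev.rp_filter=2"
}

# Constructed values: hosts in 192.0.2.0/24 behind eth0 leave via 198.51.100.1 on eth2.
fwmark_route 2 102 198.51.100.1 eth2 eth0 192.0.2.0/24
```

Traffic generated on the router itself does not pass through PREROUTING; it would need the same MARK rule in the mangle OUTPUT chain.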
