Wed Aug 18 03:48:52 CEST 2004
* Stephen Frost (email@example.com) wrote:
> I've got a bunch of network cards in my gateway, in this example we're
> concerned w/ 3 of them- two connections to the internet, one internal.
> For this to work I have to have source-based routing working (which it
> used to, back when I was using 2.4). It appears to still work fine for
> connections which are *not* NAT'd. For connections which are NAT'd it
> goes like this:
Alright, so, tried something funny- If I add a source-route rule for
the *internal* address of the machine then the source routing works (but,
unfortunately, this breaks things since that machine needs to be able to
accept connections from both internet connections).
I'm guessing this is done because the packets are going through the
stack twice, but only going through the routing code once, and that's
happening prior to the NAT'ing?
Please note, these packets aren't IPSEC'd and don't have anything to do
w/ IPSEC stuff. I'm doing some other IPSEC stuff on one of the
connections at the moment, but that's all working fine (it's on
internet1, so that may help...).