routeing, SNAT, MASQ, and fwmark
Thu, 30 Nov 2000 16:31:53 +1100
In message <20001126123150.S26953@ns> you write:
> Perhaps I can shed a bit more light here. The problem appears to be,
> for me, that MASQ'ing and SNAT'ing don't remember the outbound connection w=
> it was gotten to via fwmark when it comes back.
Testing here reveals that the route filtering and mark don't play well
# for f in /proc/sys/net/ipv4/conf/*/rp_filter; do echo 0 > $f; done
# echo 1 > /proc/sys/net/ipv4/route/flush
Then run your tests again. If that's the problem, just disable route
filtering on the interface where the replies to the marked packets
Playing with this stuff can find some weird corner cases: also, I
presume your IP is static, so you should use DNAT, not MASQUERADE.
Hope that helps,
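
An added example, not part of the original message: a script that turns rp_filter off on only the interface receiving the replies and keeps it in effect on every other interface, instead of zeroing it everywhere. It assumes current kernels, which apply max(conf/all, conf/<iface>) to each interface; the function names and the CONF_ROOT variable are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original message.
# Assumption: current kernels, where the value applied to an interface is
# max(conf/all/rp_filter, conf/<iface>/rp_filter).
# CONF_ROOT can point at a constructed directory tree for a dry run.
CONF_ROOT="${CONF_ROOT:-/proc/sys/net/ipv4/conf}"

# Print the rp_filter value in effect for interface $1.
effective_rp_filter() {
    iface_val=$(cat "$CONF_ROOT/$1/rp_filter") || return 1
    all_val=$(cat "$CONF_ROOT/all/rp_filter") || return 1
    if [ "$all_val" -gt "$iface_val" ]; then echo "$all_val"; else echo "$iface_val"; fi
}

# List interfaces on which reverse-path filtering is still in effect.
list_filtered() {
    for d in "$CONF_ROOT"/*/; do
        name=$(basename "$d")
        case "$name" in all|default) continue ;; esac
        if [ "$(effective_rp_filter "$name")" -ne 0 ]; then echo "$name"; fi
    done
}

# Disable rp_filter on interface $1 only. conf/all has to drop to 0 for the
# per-interface 0 to take effect, so every other interface first gets its
# current effective value written to its own entry.
disable_rp_filter() {
    if [ ! -f "$CONF_ROOT/$1/rp_filter" ]; then
        echo "no such interface: $1" >&2
        return 1
    fi
    for d in "$CONF_ROOT"/*/; do
        name=$(basename "$d")
        case "$name" in all|default|"$1") continue ;; esac
        eff=$(effective_rp_filter "$name")
        echo "$eff" > "$CONF_ROOT/$name/rp_filter"
    done
    echo 0 > "$CONF_ROOT/$1/rp_filter"
    echo 0 > "$CONF_ROOT/all/rp_filter"
    # Flush the route cache as in the message, when the entry exists.
    flush="${CONF_ROOT%/conf}/route/flush"
    if [ -w "$flush" ]; then echo 1 > "$flush"; fi
    effective_rp_filter "$1"
}
```

Run as root, `disable_rp_filter eth1` followed by `list_filtered` shows which interfaces still drop packets that fail the reverse-path check.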