[Bug 33] Connection tracking code doesn't track the interface of the connection
bugzilla-daemon@netfilter.org
Wed, 26 Mar 2003 15:15:16 +0100
https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=33
------- Additional Comments From mpokrywka@hoga.pl 2003-03-26 15:15 -------
I'd like to add that this scenario IS supported - using CONNMARK you can mark
all packets belonging to one connection with the same mark, so you can use this
mark with routing, example:
iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark # set nfmark from connmark
iptables -t mangle -A PREROUTING -m connmark ! --mark 0 -j RETURN # this connection is (conn)marked, skip
iptables -t mangle -A PREROUTING -i eth0 -j RETURN # from lan, will get connmark when return
iptables -t mangle -A PREROUTING -i eth1 -j CONNMARK --set-mark 1 # from dsl link
iptables -t mangle -A PREROUTING -i ppp0 -j CONNMARK --set-mark 2 # from ppp link
ip route add table by-dsl default via $DSL_MODEM_IP
ip route add table by-ppp default dev ppp0
ip rule add iif eth0 fwmark 1 table by-dsl
ip rule add iif eth0 fwmark 2 table by-ppp
and now all packets from a connection that came from one link will follow as
expected
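A small model of how the posted rules pin a connection to the link it arrived on, added here as an illustration; it is constructed Python, not code from the bug report or from netfilter, and the addresses, ports and the dict standing in for the conntrack table are assumptions. It walks the mangle PREROUTING chain in the posted order (restore-mark first, RETURN on already-marked flows, RETURN for eth0, then set-mark per WAN interface) and applies the two ip rules to pick a routing table:

```python
"""Model of CONNMARK-based per-link routing (constructed example).

Packets are plain dicts; a dict keyed by the normalized 5-tuple stands in
for nf_conntrack.  Interface names and marks follow the posted ruleset; the
traffic itself is made up for the demonstration.
"""

CONNMARK_BY_IIF = {"eth1": 1, "ppp0": 2}      # -i eth1 -> 1 (dsl), -i ppp0 -> 2 (ppp)
TABLE_BY_FWMARK = {1: "by-dsl", 2: "by-ppp"}  # ip rule add iif eth0 fwmark N table ...


def conn_key(pkt):
    """Direction-independent key so request and reply share one ct entry."""
    ends = sorted([(pkt["src"], pkt["sport"]), (pkt["dst"], pkt["dport"])])
    return (pkt["proto"], ends[0], ends[1])


def mangle_prerouting(pkt, ct):
    """Walk the mangle PREROUTING chain in the posted order; return the nfmark."""
    key = conn_key(pkt)
    # -j CONNMARK --restore-mark : copy connmark (0 if the flow is new) to nfmark
    nfmark = ct.get(key, 0)
    # -m connmark ! --mark 0 -j RETURN : an already-marked connection is done
    if nfmark != 0:
        return nfmark
    # -i eth0 -j RETURN : LAN-originated traffic is left unmarked here; the
    # connection picks up its mark when the reply arrives on a WAN link
    if pkt["iif"] == "eth0":
        return nfmark
    # -i eth1 / -i ppp0 -j CONNMARK --set-mark N : remember the ingress link on
    # the connection.  --set-mark changes the connmark only, so this packet's
    # nfmark stays 0; later packets of the flow receive it via --restore-mark.
    if pkt["iif"] in CONNMARK_BY_IIF:
        ct[key] = CONNMARK_BY_IIF[pkt["iif"]]
    return nfmark


def select_table(pkt, nfmark):
    """ip rule lookup: only traffic entering on eth0 is steered by fwmark."""
    if pkt["iif"] == "eth0" and nfmark in TABLE_BY_FWMARK:
        return TABLE_BY_FWMARK[nfmark]
    return "main"


def forward(pkt, ct):
    """One packet through PREROUTING and the routing decision: (nfmark, table)."""
    nfmark = mangle_prerouting(pkt, ct)
    return nfmark, select_table(pkt, nfmark)


def pkt(iif, src, sport, dst, dport, proto="tcp"):
    return {"iif": iif, "src": src, "sport": sport, "dst": dst, "dport": dport, "proto": proto}


def demo():
    """Two constructed flows: one inbound on ppp0, one LAN-originated answered via eth1."""
    ct = {}
    out = {}
    # Flow A: a remote host connects in over the ppp link to a LAN server.
    a_in = pkt("ppp0", "198.51.100.7", 40000, "192.168.1.10", 22)
    a_reply = pkt("eth0", "192.168.1.10", 22, "198.51.100.7", 40000)
    out["A_first_in"] = forward(a_in, ct)      # (0, 'main'): connmark recorded, not yet applied
    out["A_lan_reply"] = forward(a_reply, ct)  # (2, 'by-ppp'): reply leaves via the ppp link
    # Flow B: a LAN client opens a connection; the reply comes back over dsl.
    b_out = pkt("eth0", "192.168.1.20", 51000, "203.0.113.9", 443)
    b_reply = pkt("eth1", "203.0.113.9", 443, "192.168.1.20", 51000)
    out["B_first_out"] = forward(b_out, ct)    # (0, 'main'): nothing known about the flow yet
    out["B_wan_reply"] = forward(b_reply, ct)  # (0, 'main'): connmark set to 1 for the flow
    out["B_next_out"] = forward(b_out, ct)     # (1, 'by-dsl'): rest of the flow pinned to dsl
    return out


if __name__ == "__main__":
    for name, (mark, table) in demo().items():
        print(f"{name:12s} nfmark={mark} table={table}")
```

The model makes the ordering visible: the very first packet of a flow is always routed by the main table, because `--set-mark` only records the link on the connection, and it is the `--restore-mark` on later packets (and the `iif eth0 fwmark` rules) that steer the LAN side of the flow back out the same link.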