bugzilla-daemon@netfilter.org
2003-Mar-04 22:49 UTC
[Bug 33] Connection tracking code doesn't track the interface of the connection
https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=33

laforge@netfilter.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
         Resolution|                            |INVALID

------- Additional Comments From laforge@netfilter.org 2003-03-04 23:49 -------
close this one...

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

bugzilla-daemon@netfilter.org
2003-Mar-26 14:15 UTC
[Bug 33] Connection tracking code doesn't track the interface of the connection
https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=33

------- Additional Comments From mpokrywka@hoga.pl 2003-03-26 15:15 -------
I'd like to add that this scenario IS supported - using CONNMARK you can mark
all packets belonging to one connection with the same mark, so you can use this
mark with routing, example:

    iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark          # set nfmark from connmark
    iptables -t mangle -A PREROUTING -m connmark ! --mark 0 -j RETURN    # this connection is (conn)marked, skip
    iptables -t mangle -A PREROUTING -i eth0 -j RETURN                   # from lan, will get connmark when return
    iptables -t mangle -A PREROUTING -i eth1 -j CONNMARK --set-mark 1    # from dsl link
    iptables -t mangle -A PREROUTING -i ppp0 -j CONNMARK --set-mark 2    # from ppp link

    ip route add table by-dsl default via $DSL_MODEM_IP
    ip route add table by-ppp default dev ppp0

    ip rule add iif eth0 fwmark 1 table by-dsl
    ip rule add iif eth0 fwmark 2 table by-ppp

and now all packets from a connection that came from one link will follow as
expected
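
The rule order in the comment above can be traced packet by packet with a small model; this is an added illustration, not part of the bug thread and not netfilter code. The function names and the addresses (documentation ranges) are constructed, and the model covers only the five mangle rules and the two ip rules quoted above.

```python
# Toy model (not kernel code) of the five mangle PREROUTING rules and two ip rules.
conntrack = {}  # flow key -> connmark; 0 means unmarked

def conn_key(src, dst):
    # Both directions of a flow share one conntrack entry.
    return frozenset((src, dst))

def prerouting(iif, src, dst):
    """Walk the rules in order; return the nfmark seen by the routing decision."""
    key = conn_key(src, dst)
    conntrack.setdefault(key, 0)
    nfmark = conntrack[key]      # rule 1: CONNMARK --restore-mark
    if conntrack[key] != 0:      # rule 2: -m connmark ! --mark 0 -j RETURN
        return nfmark
    if iif == "eth0":            # rule 3: -i eth0 -j RETURN
        return nfmark
    if iif == "eth1":            # rule 4: CONNMARK --set-mark 1 (connmark only)
        conntrack[key] = 1
    elif iif == "ppp0":          # rule 5: CONNMARK --set-mark 2 (connmark only)
        conntrack[key] = 2
    return nfmark

def route_table(iif, nfmark):
    # ip rule add iif eth0 fwmark 1 table by-dsl / fwmark 2 table by-ppp
    if iif == "eth0" and nfmark in (1, 2):
        return {1: "by-dsl", 2: "by-ppp"}[nfmark]
    return "main"

def send(iif, src, dst):
    return route_table(iif, prerouting(iif, src, dst))

def demo():
    conntrack.clear()
    lan, peer_a, peer_b = "192.0.2.10:80", "198.51.100.7:40000", "203.0.113.9:443"
    return [
        send("ppp0", peer_a, lan),   # new inbound flow on the ppp link
        send("eth0", lan, peer_a),   # LAN reply to that flow
        send("eth0", lan, peer_b),   # LAN-initiated flow, first packet
        send("eth1", peer_b, lan),   # its reply arrives on the dsl link
        send("eth0", lan, peer_b),   # later LAN packet of the same flow
    ]

if __name__ == "__main__":
    print(demo())
```

The first packet of a LAN-initiated flow is routed by the main table, and the flow is pinned to a link only after a reply has arrived on eth1 or ppp0.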