Hello all
A customer has some specific routing needs from within a Linux box which
has 2 internet links.
Currently, the solution involves the use of iproute2 and the MARK
target.
The iptables script was manually crafted, but we'd like to migrate over
to shorewall to simplify management.
I can do everything except one crucial thing:
perform a SNAT operation based on the value of the fwmark given to a
packet.
All I need is to add something like this line to the firewall
configuration and I'm set (I know, cuz I added it manually and it
worked):
-A some_chain -m mark --mark 0x2 -j SNAT --to-source 196.40.0.132
My problem is that I'm not sure how to add targets like this to the NAT
table with shorewall 1.4.5.
Any hints? How may I have this line added automagically with every
"shorewall restart" (short of adding it manually at the end)?
Is "-m mark" matching even possible within shorewall?
Best
--
==========================================================
* Diego Rivera                                           *
*                                                        *
* "The Disease: Windows, the cure: Linux"                *
*                                                        *
* E-mail: lrivera<AT>racsa<DOT>co<DOT>cr                 *
* Replace: <AT>='@', <DOT>='.'                           *
*                                                        *
* GPG: BE59 5469 C696 C80D FF5C 5926 0B36 F8FF DA98 62AD *
* GPG Public Key available at: http://pgp.mit.edu        *
==========================================================