Howzit guys,

I have a question that has been boggling my mind. I have 2 servers (firewalls): 1 server connected to the main ISP and another to another ISP (only certain traffic, 195.0.0.0/8).

Server 1 to main ISP:

    lan:     eth0 192.168.1.0/24
    outside: eth1 196.15.203.194/30 gw 196.15.203.193
    DMZ:     eth3 196.16.202.209/28 (mailservers etc.)
    private: eth4 10.0.10.2/24

Server 2 to second ISP (only certain IPs route through that):

    # network 195.0.0.0/8 must route through here
    outside: eth1 10.0.1.35/24
    private: eth0 10.0.10.1/24

I use `ip rule add fwmark` and `iptables -t mangle PREROUTING` to route packets marked for 195.0.0.0/8 through 10.0.10.1/32.

I masquerade the packets leaving eth1 on server 2 to 195.0.0.0/8.

I want my DMZ section to be able to route to that network as well via 10.0.10.1. Obviously, when a packet from 195.0.0.0/8 sends me a mail, it comes in on server 1 (via the internet) and should go back out server 1 (with src routing enabled).

My question: with src routing enabled, if I mark packets using

    iptables -t mangle -A PREROUTING -i eth3 -s 196.16.202.209/28 -p all -j MARK --set-mark 888

will packets coming from 195.0.0.0 then be routed through server 2? It won't work then, because it's not src routed?

When I start a download or something from the mailserver in the DMZ zone, it goes out via server 2, but will packets which originate from 195.0.0.0/8 via the internet be routed out through server 1 again with my src routing enabled?

I tried to explain it quite clearly, hope it's understandable.

Hope you guys can help.

Thanks

--
Regards
Jandre

"Some people are alive only because it is illegal to kill them."