[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [rhelv6-list] network problem on RHEL6.3





On 4 July 2012 13:59, Manuel Wolfshant <wolfy nobugconsulting ro> wrote:
On 07/04/2012 03:46 PM, John Haxby wrote:

Loose mode reverse path filtering isn't usually recommended, though, not least because asymmetric routing can mess up TCP's flow control.   I keep hoping that someone will post a succinct guide to having packets route back through the interface they came in on (I know it can be done, I've just never sat down and worked it out in detail.)

EXTERNAL_INTERFACE1="eth1.5"
EXTERNAL_INTERFACE2="eth1.6"
$IPTABLES -t mangle -A PREROUTING -j CONNMARK --restore-mark
$IPTABLES -t mangle -A PREROUTING -i "$EXTERNAL_INTERFACE1" -j MARK --set-mark 2
$IPTABLES -t mangle -A PREROUTING -i "$EXTERNAL_INTERFACE2" -j MARK --set-mark 3
$IPTABLES -t mangle -A POSTROUTING -j CONNMARK --save-mark



[root mail ~]# grep mark /etc/sysconfig/network-scripts/rule-eth*
/etc/sysconfig/network-scripts/rule-eth1.5:fwmark 2 table T1
/etc/sysconfig/network-scripts/rule-eth1.6:fwmark 3 table T2


The rest is left as exercise for the reader


Thank you very much!

jch



--
Phear the Penguin

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]