[CentOS] Routing issue

Thu Sep 27 13:36:57 UTC 2012
Steve Clark <sclark at netwolves.com>

On 09/26/2012 10:16 PM, Gordon Messmer wrote:
> On 09/26/2012 09:15 AM, Steve Clark wrote:
>> Is there a way to make this work correctly?
> Shorewall will generate a proper configuration if you specify the
> "track" option in the "providers" file.  It might be a good idea to use
> that to generate your configs rather than building them by hand.
> I believe that you need to mark your connections and use the marks to
> select the routing table, in addition to using the "from" rules that you
> posted.  Otherwise, nothing binds the connection to a fixed
> route/interface in a load balanced configuration.
I was trying to figure out what criteria to use to mark the connection. FTP is such a
braindead application, using two channels and active and passive mode. What really
needs to happen is some way to tell the kernel to recheck the routing after SNAT.

Stephen Clark
Director of Technology
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.clark at netwolves.com
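
Added example (not part of the original message, and not Shorewall's generated output): one way to do the connection marking Gordon Messmer describes, written as a dry-run shell function that prints the commands and applies nothing. Interface names, gateways, mark values and table numbers are assumed sample values, and the load-balanced default route in the main table is assumed to exist already.

```shell
#!/bin/sh
# Dry-run generator: prints the commands, applies nothing.
# Provider entries are constructed samples: name:iface:gateway:mark:table
PROVIDERS="isp1:eth1:192.0.2.1:1:101 isp2:eth2:198.51.100.1:2:102"

gen_rules() {
    # Copy the mark stored on the connection onto each packet before the
    # routing decision, for forwarded and locally generated traffic.
    echo "iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark"
    echo "iptables -t mangle -A OUTPUT -j CONNMARK --restore-mark"
    for p in $PROVIDERS; do
        old_ifs=$IFS; IFS=:
        set -- $p
        IFS=$old_ifs
        ifc=$2 gw=$3 mark=$4 tbl=$5
        # Per-uplink table that holds only that uplink's default route.
        echo "ip route replace default via $gw dev $ifc table $tbl"
        # Packets carrying this mark are routed by that table.
        echo "ip rule add fwmark $mark table $tbl"
        # New connections arriving on the uplink: replies leave the same way.
        echo "iptables -t mangle -A PREROUTING -i $ifc -m conntrack --ctstate NEW -j CONNMARK --set-mark $mark"
        # New outbound connections: bind them to the uplink that the balanced
        # route picked for the first packet, so later packets cannot move.
        echo "iptables -t mangle -A POSTROUTING -o $ifc -m conntrack --ctstate NEW -j CONNMARK --set-mark $mark"
    done
    # With nf_conntrack_ftp loaded, FTP data connections are RELATED, not NEW,
    # and inherit the control connection's mark, so no FTP-specific rule is needed.
}

gen_rules
```

Review the printed commands before running them as root; the marks only take effect when the `fwmark` rules have a higher priority than the rule that consults the main table.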