[CentOS] Routing issue

Thu Sep 27 15:24:33 UTC 2012
Gordon Messmer <yinyang at eburg.com>

On 09/27/2012 06:36 AM, Steve Clark wrote:
> I was trying to figure out what criteria to use to mark the connection.
> FTP is such a braindead application, using two channels and active and
> passive mode. What really needs to happen is some way to tell the kernel
> to recheck the routing after SNAT.

I'm mostly sure that if you mark the *connection* to the FTP server, the 
related data will follow its path.

Again, multipath routing is complex, and Shorewall will do it properly.
At the very least, I recommend building a working configuration with 
Shorewall and then reading the rules that it compiles to understand why 
it handles routing the way that it does.