[CentOS] Routing issue

Thu Sep 27 13:36:57 UTC 2012
Steve Clark <sclark at netwolves.com>

On 09/26/2012 10:16 PM, Gordon Messmer wrote:
> On 09/26/2012 09:15 AM, Steve Clark wrote:
>> Is there a way to make this work correctly?
> Shorewall will generate a proper configuration if you specify the
> "track" option in the "providers" file.  It might be a good idea to use
> that to generate your configs rather than building them by hand.
>
> I believe that you need to mark your connections and use the marks to
> select the routing table, in addition to using the "from" rules that you
> posted.  Otherwise, nothing binds the connection to a fixed
> route/interface in a load balanced configuration.
I was trying to figure out what criteria to use to mark the connection. FTP is such a
braindead application, using two channels and active and passive mode. What really
needs to happen is some way to tell the kernel to recheck the routing after SNAT.

-- 
Stephen Clark
*NetWolves*
Director of Technology
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.clark at netwolves.com
http://www.netwolves.com
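
The connection-mark approach described in the quoted reply, as an added example that is not part of the original thread and is not Shorewall's generated output. It only prints the commands for review. The uplink interfaces (eth1, eth2), the mark values and the routing table numbers are assumptions, and the per-provider tables are assumed to already hold a default route for their uplink.

```shell
#!/bin/sh
# Added example: print connection-mark policy routing commands for two uplinks.
# Nothing is applied here; review the output, then pipe it to `sh` as root.

# iface:mark:routing-table, one entry per provider (constructed values)
PROVIDERS="eth1:1:101 eth2:2:102"

gen_track_rules() {
    # Copy the mark saved on the connection onto every packet before the
    # routing decision, for forwarded and for locally generated traffic.
    echo "iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark"
    echo "iptables -t mangle -A OUTPUT -j CONNMARK --restore-mark"
    for p in $PROVIDERS; do
        iface=${p%%:*}
        rest=${p#*:}
        mark=${rest%%:*}
        table=${rest#*:}
        # Inbound: a new connection arriving on an uplink is bound to it,
        # so replies leave through the same interface.
        echo "iptables -t mangle -A PREROUTING -i $iface -m conntrack --ctstate NEW -j CONNMARK --set-mark $mark"
        # Outbound: the first packet is routed by the load-balanced default
        # route; record which uplink it was given if no mark is set yet.
        echo "iptables -t mangle -A POSTROUTING -o $iface -m connmark --mark 0 -j CONNMARK --set-mark $mark"
        # Marked packets look up the provider's own routing table.
        echo "ip rule add fwmark $mark table $table"
    done
}

gen_track_rules
```

With the FTP conntrack helper loaded, the expected data connection is created with the mark of its control connection, so the restore-mark rule sends it out the same uplink without a separate FTP-specific match.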