I just want to run some ideas past the list to see if it is a valid way of doing things and see what advice you can offer.
I have a Linux box running kernel 2.4.18 as my firewall and its interfaces are as follows:

Eth0 - No IP (Interface for DSL connection)
Eth1 - 1 Public IP from routable subnet
Ppp0 - 1 Static public IP + 1 routable subnet (Modem)
Ppp1 - 1 Dynamic public IP (DSL)

Behind this machine I have a number of machines each of which has been allocated 1 or more Public IPs from the routable subnet. What I require is to have all but one of the machines to use the modem connection and one of them to use the DSL connection. Ideally I would like to be able to have certain traffic from all of the boxes use the DSL link (eg for DNS traffic).

My feeling is that I have to do this:

1. Use iptables to MARK the packets I want to go out the DSL link
2. Use iproute2 to send MARK'd packets out the ppp1 link and non-MARK'd packets out the ppp0 link
3. Use iptables to MASQUERADE all packets going out the ppp1 link

My questions are:

1. Is this the best way to do this?
2. Are there any tricks or traps doing this?
3. The packet will go through iptables and be MARK'd and then through iproute2 but does it go back through iptables so I can MASQUERADE it?
4. Can anyone point me to any documentation/references that might help?

Regards,
William Bartholomew
Internet Developer
Orli-TECH Pty Ltd
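The three steps listed in the post, written out as an added example that is not part of the original message: the function prints the iptables and iproute2 commands in the order the kernel applies them (mangle PREROUTING, then the routing decision, then nat POSTROUTING). The host address 192.0.2.10, mark 1, table 100, eth1 as the inside interface and port 53 for DNS are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: prints (does not execute) the commands for the three steps.
# Assumed values, not from the post: host 192.0.2.10, mark 1, table 100,
# eth1 as the inside interface, DNS on port 53.

# emit_dsl_policy HOST MARK TABLE
emit_dsl_policy() {
    host=$1 mark=$2 table=$3
    # Refuse non-numeric mark or table ids instead of emitting broken rules.
    for n in "$mark" "$table"; do
        case $n in
            ''|*[!0-9]*) echo "mark and table must be numeric" >&2; return 1 ;;
        esac
    done

    # Step 1: mangle/PREROUTING is traversed before the routing decision,
    # so a mark set here is visible to "ip rule" in step 2.
    echo "iptables -t mangle -A PREROUTING -i eth1 -s $host -j MARK --set-mark $mark"
    for proto in udp tcp; do
        echo "iptables -t mangle -A PREROUTING -i eth1 -p $proto --dport 53 -j MARK --set-mark $mark"
    done

    # Step 2: marked packets use a separate table whose default route is
    # ppp1; unmarked packets fall through to the main table (ppp0).
    echo "ip route add default dev ppp1 table $table"
    echo "ip rule add fwmark $mark table $table"
    echo "ip route flush cache"

    # Step 3: nat/POSTROUTING is traversed after routing, once the output
    # interface is known, so matching on -o ppp1 works here.
    echo "iptables -t nat -A POSTROUTING -o ppp1 -j MASQUERADE"
}

# Dry run: print the command list for review.
emit_dsl_policy 192.0.2.10 1 100
```

The output can be reviewed and then piped to `sh` as root on the firewall.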
