Peter Hardy wrote:
The solution I'm trialling is to mark all incoming packets like so:
# Packets arriving from external links are marked 1
$IPT -t mangle -A PREROUTING -i $INET_IFACE1 -j MARK --set-mark 1
$IPT -t mangle -A PREROUTING -i $INET_IFACE2 -j MARK --set-mark 1
# Packets departing on an external link are marked 2
$IPT -t mangle -A PREROUTING -o $INET_IFACE1 -j MARK --set-mark 2
$IPT -t mangle -A PREROUTING -o $INET_IFACE2 -j MARK --set-mark 2
I should probably mention that those second two rules are, of course, in
the POSTROUTING chain.
--
Pete
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
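
The correction above comes down to which interface match each chain can use: iptables rejects `-o` in PREROUTING and INPUT, and `-i` in POSTROUTING and OUTPUT. The following lint is an added example, not part of the original message; `check_rule` is a hypothetical helper name, and the sample rules are the message's own lines (variables left unexpanded) plus the POSTROUTING form the correction describes.

```shell
#!/bin/sh
# check_rule (hypothetical helper): lint one iptables rule line for an
# interface match that the named chain cannot use.
# Prints a verdict; returns 0 if the rule is consistent, 1 on a mismatch.
check_rule() {
    rule=$1 chain="" in_if="" out_if=""
    # Split the rule into words on purpose; globbing is off while doing so.
    set -f; set -- $rule; set +f
    while [ $# -gt 1 ]; do
        case "$1" in
            -A|-I|--append|--insert) chain=$2 ;;
            -i|--in-interface)       in_if=$2 ;;
            -o|--out-interface)      out_if=$2 ;;
        esac
        shift
    done
    case "$chain" in
        PREROUTING|INPUT)
            # These chains run before an output interface exists.
            if [ -n "$out_if" ]; then
                echo "BAD  -o $out_if is not usable in $chain: $rule"
                return 1
            fi ;;
        POSTROUTING|OUTPUT)
            # iptables does not accept an input-interface match here.
            if [ -n "$in_if" ]; then
                echo "BAD  -i $in_if is not usable in $chain: $rule"
                return 1
            fi ;;
    esac
    echo "OK   $rule"
    return 0
}

# Constructed sample input: two rules as posted, one as corrected.
while IFS= read -r line; do
    check_rule "$line" || true
done <<'EOF'
$IPT -t mangle -A PREROUTING -i $INET_IFACE1 -j MARK --set-mark 1
$IPT -t mangle -A PREROUTING -o $INET_IFACE1 -j MARK --set-mark 2
$IPT -t mangle -A POSTROUTING -o $INET_IFACE1 -j MARK --set-mark 2
EOF
```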