мне подсказали и всё решилось не маркировкой а созданием файла [EMAIL PROTECTED] eth888]# cat ipv4rule from 192.168.23.2 table cts.inout
> всем привет > имею два выхода в инет > нужно сделать что бы могли входить на различные службы как на один так и > на др. интерфейс. > ppp999(ppoe средствами etcnet) и eth888(pppoe на модеме и на нем > настроен dmz) > [EMAIL PROTECTED] eth888]# ip a > 2: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue > link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 > inet 127.0.0.1/8 scope host lo > 4: lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 100 > link/ether 00:15:17:23:54:b3 brd ff:ff:ff:ff:ff:ff > inet 192.168.100.10/24 brd 192.168.100.255 scope global lan > 6: eth888: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast > qlen 100 > link/ether 00:15:17:23:54:b4 brd ff:ff:ff:ff:ff:ff > inet 192.168.23.2/24 brd 192.168.23.255 scope global eth888 > 8: splan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast > qlen 1000 > link/ether 00:17:9a:38:1f:a0 brd ff:ff:ff:ff:ff:ff > inet 192.168.101.1/24 brd 192.168.101.255 scope global splan > 10: eth999: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast > qlen 1000 > link/ether 00:11:95:ed:11:3f brd ff:ff:ff:ff:ff:ff > 1: tun1: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc > pfifo_fast qlen 100 > link/[65534] > inet 192.168.202.1 peer 192.168.202.2/32 scope global tun1 > 111: venet0: <BROADCAST,POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1500 qdisc > noqueue > link/void > 211: ppp999: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 qdisc > pfifo_fast qlen 3 > link/ppp > inet ччч.ччч.ччч.ччч peer чч.чч.ччч.225/32 scope global ppp999 > > > пытаюсь промаркировать пакеты идущие на eth888 > [EMAIL PROTECTED] sysconfig]# cat /etc/sysconfig/iptables.conf |grep mark > $IPTABLES -A INPUT -t mangle -p ICMP -i $EXTERNAL_IFACE -j MARK --set-mark 1 > > потом дабвил 201 > [EMAIL PROTECTED] sysconfig]# cat /etc/iproute2/rt_tables > # > # reserved values > # > 255 local > 254 main > 253 default > 0 unspec > # > # local > # > #1 inr.ruhep > 201 cts.inout > > и дабавил маршрут > ip route add default via 192.168.23.1 dev eth888 table cts.inout > 192.168.23.1-это IP на модеме > > [EMAIL PROTECTED] eth888]# ip rule ls > 0: from all lookup local > 32765: from all fwmark 0x1 lookup cts.inout > 32766: from all lookup main > 32767: from all lookup default > > [EMAIL PROTECTED] eth888]# ip r > 192.168.99.1 dev venet0 scope link src 192.168.101.1 > 192.168.202.2 dev tun1 proto kernel scope link src 192.168.202.1 > xx.xxx.xxx.xxx dev ppp999 proto kernel scope link src xx.xxx.xxx.x > 192.168.100.0/24 dev lan proto kernel scope link src 192.168.100.10 > 192.168.23.0/24 dev eth888 proto kernel scope link src 192.168.23.2 > 192.168.101.0/24 dev splan proto kernel scope link src 192.168.101.1 > 192.168.200.0/24 via 192.168.202.2 dev tun1 > default via чч.ччч.ч.ччч dev ppp999 > > > > _______________________________________________ > Sysadmins mailing list > [email protected] > https://lists.altlinux.org/mailman/listinfo/sysadmins > _______________________________________________ Sysadmins mailing list [email protected] https://lists.altlinux.org/mailman/listinfo/sysadmins
