hi again, Dňa Wed, 23 Jan 2013 00:07:51 -0300 "Carlos Miranda Molina > (Mstaaravin)" <mstaara...@gmail.com> napísal: > > > :~# ip route add default scope global nexthop via XX.220.XX.177 dev > > eth3 weight 1 nexthop via YY.20.YY.Y dev eth4 weight 1 > > :~# ip route add '127.0.0.0/8' dev lo table T1 > > :~# ip route add '127.0.0.0/8' dev lo table T2 > > :~# ip route add '192.168.100.0/24' dev eth2 table T1 > > :~# ip route add '192.168.100.0/24' dev eth2 table T2 > > >
i just cant make it work. all my outgoing packets keep going through the default gateway (even if they have the correct IP address, from the other nic...). i think i need an explanation... because i cant undestand how does the routing tables know that a packet is in response to a connection that came from this or that interface. i mean... all my packets are coming from "internet", but they are coming from two different nic, with completely different ip addresses. so, the traffic going out is pointing to an ip address that is in the internet, and not in the same subnet of any nic, so that's why it gets delivered through my default gateway. how would my routing tables deliver a packet trough a nic that doesnt match the destination network? i also tried a different approach, found somewhere with google, that is more in line with my understanding of the problem. basically, it marks the packets so they can be routed back to the same nic they came in: ip route flush table T1 ip rule del fwmark 101 table T1 ip route add table T1 default via YY.20.YY.3 ip rule add fwmark 101 table T1 ip route flush table T2 ip rule del fwmark 102 table T2 ip route add table T2 default via XX.220.XX.178 ip rule add fwmark 102 table T2 # Ensure traffic in one interface goes back out the same interface iptables -t mangle -F PREROUTING iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark iptables -t mangle -A PREROUTING -m mark ! --mark 0 -j ACCEPT iptables -t mangle -A PREROUTING -i eth4 -m state --state NEW -j MARK --set-mark 101 iptables -t mangle -A PREROUTING -i eth3 -m state --state NEW -j MARK --set-mark 102 but it doesnt work... any help is really appreciated... Roberto
