On 03/08/15 16:45, Giancarlo Razzolini wrote:
> On 03-08-2015 05:23, Kapetanakis Giannis wrote:
>> Is there a way to sort this out and route packets to the correct
>> interface?
>
> You can try to create "enforcing" rules. Create 2 rules in your outgoing
> interfaces that, when they detect a packet leaving an interface but it
> should be on the other, you force route-to rules (not reply-to) on them.
> Block rules with return do create states, but as soon as the packet is
> sent, they enter in TIME_WAIT status (as it should be). Do you really,
> really, need to return the packets? Perhaps in your case you can benefit
> from routing domains.
>
> Cheers,
> Giancarlo Razzolini

I already have rules for outgoing traffic that utilize route-to.
However this applies only for new packets generated from the host itself.
It does not match on returns.

Dropping instead of return would definitely stop it.
Routing domains indeed seem the only solution in case I want returns.

Thanks

G

PS. if block rules with return do create a state, why do they not
respect the reply-to?