Hehh

Okay, my education in routing continues. I just discovered the multiple "OUTPUT" chains in the kernel firewall, and found my missing packets getting DROPped on one of them.

The routing tables were trying to send replies from my "external IPs" out the external NICs, as they normally should do. But when my internal LAN clients connect to my external IPs, the replies have to be sent back via the internal NIC, not the external NICs.

A routing nightmare for a novice such as myself.

So I patched in the ipt_ROUTE target module to my kernel, and then did this:
Code:

iptables -A OUTPUT -t mangle -s $EXT_IP1 -d $LAN_SUBNET -j ROUTE --oif $LAN_NIC
iptables -A OUTPUT -t mangle -s $EXT_IP2 -d $LAN_SUBNET -j ROUTE --oif $LAN_NIC
And all is well again. I just wish I understood the "ip route/rule" syntax well enough to do it properly that way, rather than via mangle rules in the firewall script.

Cheers
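The "ip route/rule" way of doing the same thing, as an added example and not part of the post above: a dedicated routing table holds the LAN route via the LAN NIC, and two policy rules send traffic sourced from the external IPs and destined for the LAN subnet to that table before the main table is consulted. No kernel patch is needed. The IP addresses, interface name and table number are placeholders, not values from the post.

```shell
#!/bin/sh
# Policy-routing replacement for the two mangle/ROUTE rules.
# Placeholder values (assumed, not from the original post); override via env.
EXT_IP1="${EXT_IP1:-203.0.113.10}"
EXT_IP2="${EXT_IP2:-203.0.113.11}"
LAN_SUBNET="${LAN_SUBNET:-192.168.1.0/24}"
LAN_NIC="${LAN_NIC:-eth1}"
LAN_TABLE="${LAN_TABLE:-100}"   # any unused table id (see /etc/iproute2/rt_tables)

# Emit the ip(8) commands, in the order they must run: populate the table
# first, then add the rules that select it. Priority 1000 sits ahead of the
# main table's default lookup (32766), so these rules win for matching flows.
policy_routing_cmds() {
    printf 'ip route replace %s dev %s table %s\n' "$LAN_SUBNET" "$LAN_NIC" "$LAN_TABLE"
    for src in "$EXT_IP1" "$EXT_IP2"; do
        printf 'ip rule add from %s to %s lookup %s priority 1000\n' \
            "$src" "$LAN_SUBNET" "$LAN_TABLE"
    done
    # Drop cached routes so already-seen flows pick up the new policy.
    printf 'ip route flush cache\n'
}

# Run the commands (needs root and netlink). With DRY_RUN=1 they are printed
# instead, which is the mode to use first to review what would be installed.
apply_policy_routing() {
    policy_routing_cmds | while IFS= read -r cmd; do
        if [ "${DRY_RUN:-0}" = "1" ]; then
            printf '%s\n' "$cmd"
        else
            $cmd || exit 1
        fi
    done
}

# Number of policy rules that would be installed: one per external IP.
rule_count() {
    policy_routing_cmds | grep -c '^ip rule add'
}
```

Check the result afterwards with `ip rule show` and `ip route show table "$LAN_TABLE"`; an absent rule means the replies still follow the main table out the external NIC.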