Bart,
I've read over your suggested reconfiguration, and I am willing to test
it, but please answer/provide the following:
- please provide this information in Linux syntax for the iptables
mangle and ip rule (feel free to reference
http://linux.die.net/man/8/ip
and
http://linux.die.net/man/8/iptables)
confirm:
iptables -t mangle -A PREROUTING -s 44.60.44.0/24 -j MARK --set-mark 1
ip rule add fwmark 1 table 44
- please clarify a problem presented by No.4 where routing loops can occur
- please clarify an inconsistency in your document where you state in
the beginning that a mangle rule is needed, and at the end where you state
I need to change the IP rule from dst=44.0.0.0/8 || src=44.0.0.0/8 ~to~
src=<my 44 subnet> (I'm gathering you meant removing both src and dst ip
rules completely and replacing them with the two commands above)
- (please be advised, this breaks the ability for any 44GW to forward
traffic to other 44GWs, for testing, in an emergency, or otherwise)
- Also, I perform my iptables work in a web GUI; this breaks my ability
to simplify setup via script and allow others to firewall as they wish,
but I'm willing to forgo that for testing purposes
Lastly, it isn't usually good practice to tell someone else to test
something, but as I said, I'm willing, if you provide this information
in Linux syntax.
73,
KB3VWG