Bart,
I've read over your suggested reconfiguration, and I am willing to test it, but please answer/provide the following:
- please provide this information in Linux syntax for the iptables mangle and ip rule (feel free to reference http://linux.die.net/man/8/ip and http://linux.die.net/man/8/iptables). Confirm:
  iptables -t mangle -A PREROUTING -s 44.60.44.0/24 -j MARK --set-mark 1
  ip rule add fwmark 1 table 44
- please clarify a problem presented by No.4 where routing loops can occur
- please clarify an inconsistency in your document where you state in the beginning that a mangle rule is needed, and at the end where you state I need to change the IP rule from dst=44.0.0.0/8 || src=44.0.0.0/8 ~to~ src=<my 44 subnet> (I'm gathering you meant removing both the src and dst ip rules completely and replacing them with the two commands above)
- (please be advised, this breaks the ability for any 44GW to forward traffic to other 44GWs, for testing, in an emergency, or otherwise)
- Also, I perform my iptables work in a web GUI; this breaks my ability to simplify setup via script and allow others to firewall as they wish, but I'm willing to forgo that for testing purposes
Lastly, it isn't usually good practice to tell someone else to test something; but as I said, I'm willing, if you provide this information in Linux syntax.
73,
KB3VWG