[Firehol-devs] Mark + CONNMARK

Pieter Smit firehol at vigor.co.za
Thu Nov 29 18:06:06 GMT 2007


I am using firehol and would now like to start using it for policy routing.

Specifically, using multiple providers, with servers NAT'ed to different
public IPs.

What I need is to save an incoming connection's interface (and external IP)
using

--save-mark [--mask mask]
              Copy the netfilter packet mark value to the connection mark. If
              a mask is specified then only those bits are copied.

and then, in PREROUTING,

--restore-mark [--mask mask]
              Copy the connection mark value to the packet. If a mask is
              specified then only those bits are copied. This is only valid in
              the mangle table.

This will allow me to use different routing tables for packets to and from
internal servers based on the saved mark, to keep all packets going in and
out of the same interface/provider the session was started on.

Thus once a connection has been established we use CONNMARK to keep the same
mark on all packets, and then ip rule to pick the routing table.

So how would I use --restore-mark and --save-mark under firehol?

