Am Montag, 7. Mai 2012, 13:00:59 schrieben Sie:
> Moin Frank,
> 
> On Sun, May 06, 2012 at 02:51:46PM +0200, Frank Ulherr wrote:
> > eigentlich sollten doch damit alle Pakete an Port 20, 21 gemarkt werden
> > und dann über die Routingtabelle 'secondgw' über gw 192.168.1.254
> > rausgehen?
> 
> alle die nicht in INPUT sondern FORWARD enden, potentiell schon. :-)
> Meine Erfahrung (gemerkte Dummheit) fragt: fehlendes NAT, ip forwarding,
> statefull ftp?

root@wheezy-hp:~# cat /proc/sys/net/ipv4/ip_forward 
1

Brauch ich noch ein: iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE ?

statefull ftp?

root@wheezy-hp:~# ip rule show
0:	from all lookup local 
32764:	from all fwmark 0x10 lookup secondgw 
32766:	from all lookup main 
32767:	from all lookup default 

root@wheezy-hp:~# ip route show
192.168.1.0/24 dev eth0  scope link  src 192.168.1.13 
default via 192.168.1.253 dev eth0 

root@wheezy-hp:~# ip route show table secondgw
192.168.1.0/24 dev eth0  scope link 
default via 192.168.1.254 dev eth0  src 192.168.1.13 

root@wheezy-hp:~# ip address show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP 
qlen 1000
    link/ether e8:39:35:20:1c:da brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.13/24 brd 192.168.1.255 scope global eth0
    inet6 fe80::ea39:35ff:fe20:1cda/64 scope link 
       valid_lft forever preferred_lft forever
3: eth1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state 
DOWN qlen 1000
    link/ether e8:39:35:20:1c:db brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.14/32 brd 192.168.1.255 scope global eth1
4: pan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN 
    link/ether 4e:54:bb:6a:4d:ec brd ff:ff:ff:ff:ff:ff

root@wheezy-hp:~# iptables -t mangle -L -vnx
Chain PREROUTING (policy ACCEPT 38364 packets, 10372051 bytes)
    pkts      bytes target     prot opt in     out     source               
destination         
      12      647 MARK       tcp  --  eth0   *       0.0.0.0/0            
0.0.0.0/0           multiport dports 20,21 MARK set 0x10 

Chain INPUT (policy ACCEPT 38325 packets, 10370179 bytes)
    pkts      bytes target     prot opt in     out     source               
destination         

Chain FORWARD (policy ACCEPT 39 packets, 1872 bytes)
    pkts      bytes target     prot opt in     out     source               
destination         

Chain OUTPUT (policy ACCEPT 46790 packets, 19285596 bytes)
    pkts      bytes target     prot opt in     out     source               
destination         

Chain POSTROUTING (policy ACCEPT 46822 packets, 19286936 bytes)
    pkts      bytes target     prot opt in     out     source               
destination         

Frank
--
Mailing-Liste der Linux User Schwabach (LUSC) e.V.
Vor und beim Posten bitte
         http://lusc.de/List-Netiquette <   und
         http://lusc.de/List-Howto      <   beachten. Danke!