On Monday, 7 May 2012, 13:00:59 you wrote:
> Hi Frank,
>
> On Sun, May 06, 2012 at 02:51:46PM +0200, Frank Ulherr wrote:
> > shouldn't this actually mark all packets to ports 20, 21
> > and then send them out via the routing table 'secondgw' through gw 192.168.1.254?
>
> all those that end up in FORWARD rather than INPUT, potentially yes. :-)
> My experience (remembered stupidity) asks: missing NAT, ip forwarding,
> stateful ftp?

root@wheezy-hp:~# cat /proc/sys/net/ipv4/ip_forward
1

Do I also need an:
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
?

stateful ftp?

root@wheezy-hp:~# ip rule show
0:      from all lookup local
32764:  from all fwmark 0x10 lookup secondgw
32766:  from all lookup main
32767:  from all lookup default

root@wheezy-hp:~# ip route show
192.168.1.0/24 dev eth0  scope link  src 192.168.1.13
default via 192.168.1.253 dev eth0

root@wheezy-hp:~# ip route show table secondgw
192.168.1.0/24 dev eth0  scope link
default via 192.168.1.254 dev eth0  src 192.168.1.13

root@wheezy-hp:~# ip address show
1: lo: mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether e8:39:35:20:1c:da brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.13/24 brd 192.168.1.255 scope global eth0
    inet6 fe80::ea39:35ff:fe20:1cda/64 scope link
       valid_lft forever preferred_lft forever
3: eth1: mtu 1500 qdisc pfifo_fast state DOWN qlen 1000
    link/ether e8:39:35:20:1c:db brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.14/32 brd 192.168.1.255 scope global eth1
4: pan0: mtu 1500 qdisc noop state DOWN
    link/ether 4e:54:bb:6a:4d:ec brd ff:ff:ff:ff:ff:ff

root@wheezy-hp:~# iptables -t mangle -L -vnx
Chain PREROUTING (policy ACCEPT 38364 packets, 10372051 bytes)
    pkts      bytes target     prot opt in     out     source               destination
      12      647 MARK       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            multiport dports 20,21 MARK set 0x10

Chain INPUT (policy ACCEPT 38325 packets, 10370179 bytes)
    pkts      bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 39 packets, 1872 bytes)
    pkts      bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 46790 packets, 19285596 bytes)
    pkts      bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 46822 packets, 19286936 bytes)
    pkts      bytes target     prot opt in     out     source               destination

Frank

-- 
Mailing list of the Linux User Schwabach (LUSC) e.V.
Before and when posting, please observe http://lusc.de/List-Netiquette
and http://lusc.de/List-Howto. Thank you!