On 09/08/10 09:18, Mark Rogers wrote:
However, with the default gateway being set to the IP of the router on the faster line (say 192.169.10.1), this means that connections through the second router (say 192.168.11.1) don't work. My PC obviously has addresses on both subnets, and ought to be able to respond to a connection coming in on the 192.168.11.x address replying via a default gateway on that subnet, but as I understand it I only have one default gateway.
That could get a bit messy. If you always access ssh in from a specific address, then you could just set a static entry in your office machine's routing table that uses your second gateway as the route for the address (or block of addresses) you want to access ssh from.
That has the problem that any traffic to those addresses will be routed via your 2nd line.
Another (complicated) way might be to use iproute2 on the PC in the office.
I can't remember the exact magic, but essentially you use iproute2 to create a new routing table and give it a number to identify it.
Then you tell iptables to MARK all traffic based on the rules you want (so specific ports, specific destinations etc) with that number (it's an action like DROP).
Then you tell iproute2 to route all traffic marked with that number by your firewall via the new routing table you created, with something like:
ip rule add fwmark "number of table" table "table name"
I am sure after I did this I found several other more sane ways of doing it; one may have been to drop the iptables rules altogether and do it somehow within iproute's rules.
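
The policy-routing steps described in this message, as an added example that is not part of the original post: it prints (and with APPLY=1, as root, runs) the commands for the fwmark method and for a source-address rule, which is one way of doing it within iproute2's rules alone. The interface name, addresses, table number, mark value and function names are assumptions.

```shell
#!/bin/sh
# Added example: constructed addresses, interface and numbers (assumptions).
DEV=${DEV:-eth0}            # interface holding the 192.168.11.x address
GW2=${GW2:-192.168.11.1}    # router on the second line
SRC2=${SRC2:-192.168.11.50} # this PC's address on the second subnet
TABLE=${TABLE:-100}         # number of the extra routing table
MARK=${MARK:-1}             # firewall mark; independent of TABLE
PORT=${PORT:-22}            # local service whose replies use line 2

# Print the commands for one method: "fwmark" or "source".
policy_route_cmds() {
    # The extra table holds only a default route via the second router.
    echo "ip route add default via $GW2 dev $DEV table $TABLE"
    case "$1" in
    fwmark)
        # Mark locally generated replies from the service port in mangle
        # OUTPUT, then send marked packets to the extra table.
        echo "iptables -t mangle -A OUTPUT -p tcp --sport $PORT -j MARK --set-mark $MARK"
        echo "ip rule add fwmark $MARK table $TABLE"
        ;;
    source)
        # No iptables: anything sent from the second-subnet address
        # is looked up in the extra table.
        echo "ip rule add from $SRC2 table $TABLE"
        ;;
    *)
        echo "usage: policy_route_cmds fwmark|source" >&2
        return 2
        ;;
    esac
}

# Dry run by default; APPLY=1 (as root) executes each printed command.
run_policy_route() {
    policy_route_cmds "$1" | while read -r cmd; do
        echo "+ $cmd"
        if [ "${APPLY:-0}" = "1" ]; then $cmd || exit 1; fi
    done
}

if [ $# -gt 0 ]; then run_policy_route "$1"; fi
```

Check the result with `ip rule show` and `ip route show table 100` before relying on it; rules added this way do not survive a reboot unless they are also put in the distribution's network configuration.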