Incoming connections on l2tp
-
I can't connect to the second address at the l2tp. udp echo has tried - only from one Internet.
Answers the wrong address.
iptables -t mangle
-A PREROUTING -i enp0s10 -j CONNMARK --set-xmark 0x64/0xffffffff -A PREROUTING -i enp0s18 -j CONNMARK --set-xmark 0x65/0xffffffff -A OUTPUT -j CONNMARK --restore-mark --nfmask 0xffffffff --ctmask 0xffffffffip ru l
0: from all lookup local 219: from all fwmark 0x64 lookup 100 32762: from 81.хх.хх.12 lookup 100 32764: from all fwmark 0x65 lookup 101 32765: from 109.yy.yy.13 lookup 101 32766: from all lookup main 32767: from all lookup defaultip ro l table 100
default via 81.хх.хх.1 dev enp0s10ip ro l table 101
default via 109.yy.yy.1 dev enp0s18ip r l
default via 81.хх.хх.1 dev enp0s10 metric 20 default via 109.yy.yy.1 dev enp0s18 metric 21 onlink 81.xx.xx.0/24 dev enp0s10 proto kernel scope link src 81.хх.хх.12 109.yy.yy.0/24 dev enp0s18 proto kernel scope link src 109.yy.yy.13 192.168.0.0/24 dev enp0s8 proto kernel scope link src 192.168.0.1What?
I did, until helped.
ip r a 81.хх.хх.0/24 dev enp0s10 proto kernel scope link src 81.хх.хх.12 table 100 ip r a 109.yy.yy.0/24 dev enp0s18 proto kernel scope link src 109.yy.yy.13 table 101In contrast, the mark is placed
conntrack -L | grep mark=101 | grep 213.87.138.134 conntrack v1.4.4 (conntrack-tools): 1064 flow entries have been shown. udp 17 178 src=213.87.138.134 dst=109.yy.yy.13 sport=44009 dport=1701 src=109.yy.yy.13 dst=213.87.138.134 sport=1701 dport=44009 [ASSURED] mark=101 use=1Not helpful.
iptables -t mangle -A PREROUTING -i enp0s18 -j CONNMARK --save-markNot helpful.
sysctl net.ipv4.fwmark_reflect=1The problem is that the udp network grids take an out-of-the-shelf response, not from the counter.
-
Received the UDP response from the required sorce to the unnecessary:
iptables -t nat -I PREROUTING -i enp0s18 -p udp --dport 1235 -j DNAT --to-destination 81.хх.хх.12
