authorMichael Larson <slioch@eng-140.vyatta.com>2008-06-24 15:15:18 -0700
committerMichael Larson <slioch@eng-140.vyatta.com>2008-06-24 15:15:18 -0700
commit690b13abef1e0abc986c25208a8ce36d88a3e523 (patch)
tree92f8740cadf45afbcddef31ef133a180a75834e0 /src
parent82a60348a1e2819770de45dbc59f0ebbbbdfd564 (diff)
Need to add a conntrack entry to the raw table. Also cleaned up a few
commands to sweep old rules on restart.
Diffstat (limited to 'src')
-rw-r--r--src/lbdecision.cc10
1 files changed, 10 insertions, 0 deletions
diff --git a/src/lbdecision.cc b/src/lbdecision.cc
index 4cd80df..e9f56f4 100644
--- a/src/lbdecision.cc
+++ b/src/lbdecision.cc
@@ -107,8 +107,17 @@ if so then this stuff goes here!
//set up special nat rules
execute(string("iptables -t nat -N WANLOADBALANCE"));
execute(string("iptables -t nat -F WANLOADBALANCE"));
+ execute(string("iptables -t nat -D POSTROUTING -j WANLOADBALANCE"));
execute(string("iptables -t nat -A POSTROUTING -j WANLOADBALANCE"));
+ //set up the conntrack table
+ execute(string("iptables -t raw -N NAT_CONNTRACK"));
+ execute(string("iptables -t raw -F NAT_CONNTRACK"));
+ execute(string("iptables -t raw -A NAT_CONNTRACK -j ACCEPT"));
+ execute(string("iptables -t raw -D PREROUTING 1"));
+ execute(string("iptables -t raw -I PREROUTING 1 -j NAT_CONNTRACK"));
+
+
LBData::InterfaceHealthIter iter = lbdata._iface_health_coll.begin();
while (iter != lbdata._iface_health_coll.end()) {
string iface = iter->first;
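Review bot: `iptables -t raw -D PREROUTING 1` removes whatever rule currently occupies position 1 of the raw PREROUTING chain, not necessarily the NAT_CONNTRACK jump, so on a host where some other component has already placed its own rule there this sweep silently deletes that rule before the `-I PREROUTING 1` on the next line. The nat cleanup two lines earlier already deletes by rule specification, and the raw cleanup should do the same: `execute(string("iptables -t raw -D PREROUTING -j NAT_CONNTRACK"));` — that fails harmlessly on a first start (no matching rule) instead of removing a stranger's rule. Since the new chain contains only `-j ACCEPT`, the intended effect presumably relies on ACCEPT ending raw-table traversal so that a later NOTRACK rule cannot exempt these flows from conntrack (which the connmark-based SNAT needs); if so, say it in a comment such as `// ACCEPT in raw stops traversal here so a later NOTRACK cannot disable conntrack for these flows`. The return values of these execute() calls are discarded in the visible lines, so a failed iptables invocation would go unnoticed unless execute() itself reports it. The enclosing function starts before and ends after this hunk.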
@@ -123,6 +132,7 @@ if so then this stuff goes here!
execute(string("iptables -t mangle -A ISP_") + buf + " -j ACCEPT");
execute(string("ip route replace table ") + buf + " default dev " + iface + " via " + iter->second._nexthop);
+ execute(string("ip rule delete table ") + buf);
execute(string("ip rule add fwmark ") + buf + " table " + buf);
execute(string("iptables -t nat -A WANLOADBALANCE -m connmark --mark ") + buf + " -j SNAT --to-source " + fetch_iface_addr(iface));