I am using Zeroshell as a captive portal to provide Internet access to clients via a private non-routable VLAN. So, these users are using my physical infrastructure to get access through Zeroshell to the Internet, but the VLAN they are on does not route anywhere on my internal network. The problem is that we have some hosts in my DMZ I would like them to access via their private IP address. So one way to accomplish this is with conditional forwarding. Can Zeroshell do conditional forwarding?
I haven’t used VLANs with Zeroshell so I don’t know what it is really doing behind the scenes to make it work.
That said, if/when you have multiple external interfaces for load balancing, Zeroshell sets things up to use packet marks to select the routing table to use. What is the result of an “ip rule list” command at the shell prompt? Here is mine:
root@zeroshell root> ip rule list
0: from all lookup local
32764: from all fwmark 0x66 lookup 102
32765: from all fwmark 0x65 lookup 101
32766: from all lookup main
32767: from all lookup default
If Zeroshell is doing the same type of thing for your VLAN setup, then you can use the PREROUTING chain in the mangle table (I find putting iptables commands into the “nat and virtual server tables” an okay place) to tag the traffic you want to use the appropriate routing table, so that access to those IP addresses goes to your DMZ.
You can use the “ip route list table 101” command to see where table 101 will route things.
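The mark-then-lookup mechanism described in the reply above, written out as an added example (this is not code from the thread or from Zeroshell). It assumes a captive-portal VLAN of 10.50.0.0/24, a DMZ of 192.168.100.0/24 reachable through gateway 192.168.100.1 on interface ETH01, and routing table 101; all of these values are constructed for the example. The script reads the fwmark that selects the table from the "ip rule list" output rather than hard-coding it, refuses to add a MARK rule if no such fwmark rule exists, and adds the DMZ route to the table so the lookup does not fall through to main. By default it only prints the commands it would run.

```shell
#!/bin/sh
# Added example: steer captive-portal VLAN traffic bound for the DMZ into a
# policy-routing table via an fwmark set in mangle/PREROUTING.
# All addresses, interface names and the table number below are assumptions.

DRY_RUN="${DRY_RUN:-1}"          # 1 = print commands only, 0 = apply them
PORTAL_NET="10.50.0.0/24"        # assumed captive-portal VLAN
DMZ_NET="192.168.100.0/24"       # assumed DMZ subnet
DMZ_GW="192.168.100.1"           # assumed next hop toward the DMZ
DMZ_IF="ETH01"                   # assumed Zeroshell interface facing the DMZ
TABLE="101"                      # routing table we want DMZ traffic to use

# run: echo the command in dry-run mode, otherwise execute it.
run() {
  if [ "$DRY_RUN" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# mark_for_table RULES TABLE: extract the fwmark that "ip rule list" maps to
# TABLE, e.g. "32765: from all fwmark 0x65 lookup 101" -> 0x65.
# Prints nothing if no fwmark rule selects that table.
mark_for_table() {
  printf '%s\n' "$1" | awk -v t="$2" \
    '$4 == "fwmark" && $6 == "lookup" && $7 == t { print $5; exit }'
}

# mark_dmz_traffic MARK: tag portal-to-DMZ packets so the fwmark rule fires.
# The -s match keeps the mark confined to the portal VLAN's traffic.
mark_dmz_traffic() {
  run iptables -t mangle -A PREROUTING -s "$PORTAL_NET" -d "$DMZ_NET" \
      -j MARK --set-mark "$1"
}

# add_dmz_route: the fwmark rule only selects the table; the table still
# needs a route to the DMZ or the lookup fails and falls through to main.
add_dmz_route() {
  run ip route add "$DMZ_NET" via "$DMZ_GW" dev "$DMZ_IF" table "$TABLE"
}

# configure_dmz_access RULES: RULES is the text of "ip rule list" (passed in
# so the logic can be checked offline). Returns 1 if no fwmark selects TABLE.
configure_dmz_access() {
  mark=$(mark_for_table "$1" "$TABLE")
  if [ -z "$mark" ]; then
    echo "no fwmark rule selects table $TABLE; check 'ip rule list'" >&2
    return 1
  fi
  mark_dmz_traffic "$mark" && add_dmz_route
}

# Usage: sh zs-dmz-route.sh run            (prints the plan, DRY_RUN=1)
#        DRY_RUN=0 sh zs-dmz-route.sh run  (applies it as root on Zeroshell)
if [ "${1:-}" = "run" ]; then
  configure_dmz_access "$(ip rule list)" || exit 1
fi
```

Verify afterwards with "ip rule list" (the fwmark rule should still be there), "ip route list table 101" (the DMZ route should now appear), and "iptables -t mangle -L PREROUTING -n -v" (the MARK rule's packet counter should climb as portal clients reach the DMZ).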