* Problem with Port Forwarding and multiple Internet links
@ 2004-12-31 0:04 Gordon Heydon
From: Gordon Heydon @ 2004-12-31 0:04 UTC
To: netfilter
Hello,
I am having a problem with setting up a client's firewall, with Internet
access.
The setup is that they have 2 ADSL connections, for which they have a
default connection that all the normal ad-hoc traffic runs through, and a
second 512/512 ADSL link that they use for VPN access, both in and out,
as well as some terminal services access and minor web sites.
We have just changed the primary link to another ISP, and anything that
is being port forwarded to machines behind the firewall, such as the web
servers and terminal services, is not getting routed correctly back out
to the world.
e.g. The packets for the terminal server are coming in through the 512/512
link as they are supposed to, and getting forwarded on to the terminal
server. The packets coming back are then being sent back out through the
main link, but with the source IP address being rewritten back to
the correct address from the 512/512 link where it came in.
It was, to the best of my knowledge, working correctly before the changeover
to the new ISP. I think there is something I am missing but I just
can't see it.
IMO, as the masquerading is happening in POSTROUTING and the source
address is getting written then, the ip rule to tell it to use a
different routing table from the main one is being missed, and it is going
through the default route. It is like it needs to be run back through the
routing again.
Here are my routing tables and rules. I am running quite an old
version of the kernel, 2.4.21. I am a bit reluctant to upgrade because
of the procedures that I will have to go through to make this happen,
rather than the actual kernel upgrade itself.
stealth:/etc/bind# ip rule list
0: from all lookup local
32762: from all to 202.x.x.0/24 lookup vpn
32763: from all to 202.x.x.0/24 lookup vpn
32764: from all to 202.x.x.0/24 lookup vpn
32765: from 218.x.x.x/28 lookup vpn
32766: from all lookup main
32767: from all lookup default
stealth:/etc/bind# ip route list table vpn
218.x.x.0/28 dev eth2 scope link src 218.214.208.9
192.168.211.0/24 dev ipsec1 scope link
default via 218.x.x.x dev eth2
Any help will be most appreciated.
Thanks in advance.
--
Gordon Heydon <gordon@heydon.com.au>
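Added example, not part of Gordon's message and not something the list proposed here. The behaviour he describes matches how conntrack NAT orders things: the DNAT is undone on the reply in POSTROUTING, so when the reply from the terminal server hits the routing decision its source is still the private LAN address and the "from 218.x.x.x/28 lookup vpn" rule cannot match it. The usual way round that is to route on a packet mark instead of on the source address: mark the first packet of each connection that arrives on eth2, save the mark on the conntrack entry, restore it onto the replies in mangle/PREROUTING (which runs before routing), and add an ip rule that sends marked packets to the vpn table. The script below does that. eth2 and the vpn table are from the post; the LAN interface name eth0, mark value 1, rule preference 32761 and the availability of the CONNMARK target are assumptions (on a 2.4 kernel CONNMARK came from patch-o-matic, so it may need to be built in first).

```shell
#!/bin/sh
# Added example, not code from the original post. Keeps replies of DNAT'ed
# connections on the 512/512 link they arrived on by marking the connection
# and routing on the mark (fwmark) instead of on the source address.
#
# From the post: eth2 is the 512/512 link, its routing table is "vpn".
# Assumptions: the LAN interface is eth0, mark value 1 is unused, rule
# preference 32761 is free (the post's rules use 32762-32767), and the
# CONNMARK target is available (on 2.4 it came from patch-o-matic).

WAN_VPN_IF=eth2      # from the post
VPN_TABLE=vpn        # from the post
LAN_IF=eth0          # assumption
VPN_MARK=1           # assumption
RULE_PREF=32761      # assumption: must sort before "from all lookup main"

# With RUN=echo the commands are printed instead of executed (dry run).
run() { ${RUN:-} "$@"; }

# Original direction: the first packet of a connection entering on the
# 512/512 link gets a packet mark, which is then copied onto the conntrack
# entry. The existing DNAT in nat/PREROUTING is untouched.
mark_incoming() {
    run iptables -t mangle -A PREROUTING -i "$WAN_VPN_IF" -m state --state NEW \
        -j MARK --set-mark "$VPN_MARK"
    run iptables -t mangle -A PREROUTING -i "$WAN_VPN_IF" -m state --state NEW \
        -j CONNMARK --save-mark
}

# Reply direction: packets from the LAN still carry the private source
# address at the routing decision (the reverse DNAT is applied later, in
# POSTROUTING), so a source-based ip rule cannot see them. Restoring the
# connection mark in mangle/PREROUTING happens before routing, and the
# fwmark rule below then selects the vpn table. Connections that started
# from the LAN have mark 0 and keep using the main table.
mark_replies() {
    run iptables -t mangle -A PREROUTING -i "$LAN_IF" \
        -m state --state ESTABLISHED,RELATED -j CONNMARK --restore-mark
}

# Policy rule: marked packets use the vpn table (default via eth2).
# 2.4 keeps a route cache, so flush it after changing the rules.
policy_rule() {
    run ip rule add fwmark "$VPN_MARK" lookup "$VPN_TABLE" pref "$RULE_PREF"
    run ip route flush cache
}

# Dry run: print the exact commands that "apply" would execute.
render() { ( RUN=echo; mark_incoming; mark_replies; policy_rule ); }

apply() { mark_incoming; mark_replies; policy_rule; }

# Live check: the fwmark rule must be listed before "from all lookup main".
check() { ip rule show | grep fwmark; }

case "${1:-}" in
    apply) apply ;;
    check) check ;;
    show)  render ;;
esac
```

Run it with `show` first to see the five commands it would issue, then `apply` as root, then `check`. The conntrack entry carries the mark for the life of the connection, so every reply packet, not just the first, is steered to the vpn table; the `-m state --state NEW` match on the eth2 side simply avoids re-marking packets the entry already knows about.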