From: Christian Parpart <trapni@gentoo.org>
To: lartc@vger.kernel.org
Subject: [LARTC] custom routing (two gateways)
Date: Mon, 09 Jul 2007 18:07:49 +0000
Message-ID: <200707092007.51792.trapni@gentoo.org>



Hi all,

I'm having a somewhat stupid problem I can't get rid of.

We've a server that accepts incoming world connections 
from a load balancer (10.10.10.4) to port 80,
and we still want to serve incoming ssh/http from the firewall (10.10.10.1) 
routed to this host (10.10.10.90), and their reply packets of course shall be 
sent out through the firewall.
Unfortunately, both hosts (the load balancer (LB) and the firewall (FW)) are on 
the same subnet (10.10.10.0/24) and thus on the same interface (eth0), but 
I need to find a solution.

So, packets sent from the LB shall get their answer through the LB as nexthop 
of course, as well as incoming packets from the FW shall have response packets 
sent out to the FW as nexthop, too.

But how to realise this?

server:           10.10.10.90 (this is the problem host)
firewall(FW):     10.10.10.1 (we receive (mostly) ssh/https conns from it)
loadbalancer(LB): 10.10.10.4 (we receive http conns from it)

FW and LB are accepting/forwarding and routing connections from the world to 
our server.

server ~ # ip route list
192.168.0.0/24 dev eth1  proto kernel  scope link  src 192.168.0.90
10.10.10.0/24 dev eth0  proto kernel  scope link  src 10.10.10.90
127.0.0.0/8 dev lo  scope link
default via 10.10.10.1 dev eth0

You see, default traffic is routed through the firewall as the default 
gateway... but now, we want to have outgoing traffic caused by incoming 
packets from the load balancer to be routed back through the load balancer 
itself.

I tried several approaches here, like adding custom routing tables and 
modifying the tables (including main), but either I got no answers routed to 
the FW or no traffic got routed to the LB.

Can you please give me a hint on how to find the right way?

Thanks in advance,
Christian Parpart.
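
One way to get the behaviour asked for above, as an added example that is not part of the original post or of any reply in the thread: tag connections by the gateway they entered through and give tagged replies their own default route. It assumes the LB forwards packets with the client source address intact (so only its source MAC identifies it); the MAC shown, the mark 0x4 and table 100 are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): route replies back through the
# gateway a connection arrived from, when both gateways share one subnet.
# Assumptions: the LB forwards with client source IPs intact, so only its
# source MAC identifies it; mark 0x4 and table 100 are arbitrary choices.
SERVER_IF=eth0        # interface facing 10.10.10.0/24 (from the post)
LB_IP=10.10.10.4      # load balancer address (from the post)
FWMARK=0x4            # assumed free firewall mark
TABLE=100             # assumed free routing table number

# Print the commands for the given LB MAC address, one per line.
lb_return_path_cmds() {
    lb_mac=$1
    # Reject anything that is not a colon-separated 48-bit MAC.
    printf '%s\n' "$lb_mac" |
        grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$' || {
        echo "invalid MAC address: $lb_mac" >&2
        return 1
    }
    cat <<EOF
iptables -t mangle -A PREROUTING -i $SERVER_IF -m conntrack --ctstate NEW -m mac --mac-source $lb_mac -j CONNMARK --set-mark $FWMARK
iptables -t mangle -A OUTPUT -j CONNMARK --restore-mark
ip route add default via $LB_IP dev $SERVER_IF table $TABLE
ip rule add fwmark $FWMARK lookup $TABLE
EOF
}
# Command 1 tags new connections whose first packet came from the LB's MAC.
# Command 2 copies that tag onto locally generated reply packets.
# Commands 3-4 send tagged packets to the LB; the rest still use "main".

# Usage: script.sh apply <lb-mac>   (needs root)
#        script.sh [<lb-mac>]       (prints the commands only)
if [ "${1:-}" = "apply" ]; then
    cmds=$(lb_return_path_cmds "${2:-}") || exit 1
    printf '%s\n' "$cmds" | sh -e
else
    # 02:00:00:00:00:04 is a constructed placeholder, not the real LB MAC.
    lb_return_path_cmds "${1:-02:00:00:00:00:04}"
fi
```

Connections arriving from the firewall stay unmarked and keep using the existing default route via 10.10.10.1 in the main table.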
