* [LARTC] routing incoming port 82
From: ro0ot @ 2005-06-27 17:11 UTC (permalink / raw)
To: lartc
Hi,
I have two DSL lines from different providers connected to my Linux
Router Firewall. Server_A is behind the Linux Router Firewall.
DSL0 --
| ---- LINUX_ROUTER_FW -- SERVER_A
DSL1 --
I have the following IPTABLES commands to allow incoming access to Server
A's web service through port 82, as below:
$IPTABLES -t nat -A PREROUTING -i eth1 -p tcp --dport 82 -j DNAT --to 10.59.2.2:80
$IPTABLES -t nat -A PREROUTING -i eth2 -p tcp --dport 82 -j DNAT --to 10.59.2.2:80
The problem is that sometimes, when I access Server A's web service using
the link below, after a few minutes it is no longer accessible.
http://<IP_ADDRESS_DSL0>:82
Then, I have to switch to the following link below to access it.
http://<IP_ADDRESS_DSL1>:82
How can I solve this?
Regards,
rootlinux
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
* Re: [LARTC] routing incoming port 82
From: Peter Surda @ 2005-06-27 18:32 UTC (permalink / raw)
To: lartc
On Tue, 28 Jun 2005 01:11:18 +0800 ro0ot <ro0ot@phreaker.net> wrote:
>Hi,
hi,
[cut]
>$IPTABLES -t nat -A PREROUTING -i eth1 -p tcp --dport 82 -j DNAT --to 10.59.2.2:80
>$IPTABLES -t nat -A PREROUTING -i eth2 -p tcp --dport 82 -j DNAT --to 10.59.2.2:80
>
>The problem is that sometimes, when I access Server A's web service using
>the link below, after a few minutes it is no longer accessible.
This looks like bad routing, so I expect you should set up policy-based routing.
You could use CONNMARK to remember the interface the connection is coming in on,
and then use a separate routing table for each of the marked packets coming the
other direction. I assume there are other options if you don't have CONNMARK,
but this looks like the most straightforward solution.
>Regards,
>rootlinux
Yours sincerely,
Peter
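
The CONNMARK plus policy-routing setup suggested in the reply above, as an added example that is not part of the original thread. The LAN interface name (eth0), the gateway addresses (placeholders), and the mark and table numbers are assumptions; eth1 and eth2 are the uplink interfaces from the original post.

```shell
#!/bin/sh
# Added example: prints the commands for review, it does not run them.
# Assumptions: eth0 is the LAN side; the gateways are placeholder addresses;
# mark and table numbers are arbitrary. eth1/eth2 are the uplinks from the post.
LAN_IF=eth0
# One uplink per line: interface  gateway  fwmark  routing-table
UPLINKS='eth1 192.0.2.1 1 101
eth2 198.51.100.1 2 102'

# Marks must be distinct and nonzero (0 is what unmarked packets carry).
check_uplinks() {
    seen=' '
    while read -r ifc gw mark table; do
        [ -n "$ifc" ] || continue
        [ "$mark" -gt 0 ] 2>/dev/null || return 1
        case "$seen" in *" $mark "*) return 1 ;; esac
        seen="$seen$mark "
    done <<EOF
$UPLINKS
EOF
}

emit_rules() {
    check_uplinks || { echo "UPLINKS: marks must be distinct and > 0" >&2; return 1; }
    while read -r ifc gw mark table; do
        [ -n "$ifc" ] || continue
        # Remember on the conntrack entry which line the connection arrived on.
        echo "iptables -t mangle -A PREROUTING -i $ifc -m conntrack --ctstate NEW -j CONNMARK --set-mark $mark"
        # A table whose only route is this line's default gateway.
        echo "ip route add default via $gw dev $ifc table $table"
        # Packets carrying this mark are routed with that table.
        echo "ip rule add fwmark $mark table $table"
    done <<EOF
$UPLINKS
EOF
    # Replies from the server enter on the LAN side: copy the connection mark
    # onto the packet before the routing decision is made.
    echo "iptables -t mangle -A PREROUTING -i $LAN_IF -j CONNMARK --restore-mark"
}

emit_rules
```

Review the output, then pipe it to `sh` as root. With strict reverse-path filtering (`rp_filter=1`) on the uplinks, packets arriving on the line that is not the main default route are dropped, so loose mode (`2`) is needed there.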