From: Florent Guiliani <fguiliani@perinfo.com>
To: netfilter@lists.netfilter.org
Subject: Re: DNAT for two external NIC
Date: Wed, 30 Aug 2006 09:15:35 +0200
Message-ID: <44F53B17.5040309@perinfo.com>
In-Reply-To: <007301c6cbb4$0aa38c00$4764a8c0@mhsystems.com>

$> echo "2 ISP2" >> /etc/iproute2/rt_tables
$> ip route add default via gatewayISP2 dev devISP2 table ISP2
$> ip rule add from IPISP2 lookup ISP2 prio 1000
$> ip route flush table cache

So ping will be OK on ISP2, and you will be able to connect to any services on
your router through ISP2, but DNAT will only work with ISP1. I'm working
on this problem. I think I will use Shorewall to do that automatically.

Mikhail wrote:
> I have Linux gateway/firewall with 3 NIC: eth0 – LAN, eth1 – ISP1, eth2 –
> ISP2.
> I’ve got separate static IPs from each of the ISP (IP1 & IP2) which I
> statically assigned to eth1 and eth2.
> My default route points to ISP1 gateway via eth1. I need to provide external
> access to a few computers on the LAN using different IPs and port numbers
> (no load balancing and target machines are IP-specific).
> Everything works fine if I use IP1 address but I was unable to get to the
> corresponding LAN machine through IP2. Ping requests are also not responded
> if they’re made to IP2. They do reach eth2 and I can see them using tcpdump
> but then nothing goes out on any NIC. The same goes for TCP/IP requests –
> I’ve managed to trace them to the nat table PREROUTING chain but they could
> not be found in either INPUT or FORWARD chain of the mangle table. If I make
> default route through eth2 – everything starts working through that NIC and
> stops through eth1. I seem to be missing something simple. Any help is
> greatly appreciated.
>
> Mikhail.
--
Florent GUILIANI - System Development
41, avenue Jean Jaurès - 67100 STRASBOURG
Tel: 03.88.44.96.00 - Fax: 03.88.44.96.29
E-mail: fguiliani@perinfo.com
Website: http://www.perinfo.com
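
Added example, not part of the original message or the list thread: one common way to get DNAT working through the second link is to tag connections that arrive on the ISP2 interface with a connection mark and route their replies through the ISP2 table created above. Interface names follow the quoted question; the mark value, the rule priority and the loose reverse-path setting are assumptions, and the script only prints the commands unless RUN is set to an empty value.

```shell
#!/bin/sh
# Added example: return-path routing for connections DNATed in via ISP2.
# Assumes table ISP2 and its default route exist as in the message above.
LAN_IF=${LAN_IF-eth0}        # LAN interface (from the quoted question)
ISP2_IF=${ISP2_IF-eth2}      # ISP2 interface (from the quoted question)
ISP2_MARK=${ISP2_MARK-2}     # assumed mark value; any unused mark works
RUN=${RUN-echo}              # dry run by default; RUN= (empty) executes, needs root

isp2_return_path() {
    # 1. Tag each new connection that enters on the ISP2 link. The mark is
    #    stored in conntrack, so it survives the DNAT address rewrite.
    $RUN iptables -t mangle -A PREROUTING -i "$ISP2_IF" \
        -m conntrack --ctstate NEW -j CONNMARK --set-mark "$ISP2_MARK"
    # 2. Replies from the LAN host carry a LAN source address, so the
    #    "from IPISP2" rule never matches them. Copy the connection mark
    #    onto the packet before the routing decision instead.
    $RUN iptables -t mangle -A PREROUTING -i "$LAN_IF" \
        -m connmark --mark "$ISP2_MARK" -j CONNMARK --restore-mark
    # 3. Route marked packets with the ISP2 table.
    $RUN ip rule add fwmark "$ISP2_MARK" lookup ISP2 prio 900
    # 4. Assumption: strict rp_filter is enabled. It validates the source
    #    of the forwarded packet against the main table (default via ISP1)
    #    and drops it; loose mode (2) only needs the source to be routable.
    $RUN sysctl -w "net.ipv4.conf.$ISP2_IF.rp_filter=2"
    $RUN ip route flush cache
}

isp2_return_path
```

Only connections first seen on the ISP2 interface receive the mark, so traffic that the LAN initiates keeps using the main table and the ISP1 default route.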