From: Mart Frauenlob <mart.frauenlob@chello.at>
To: netfilter@vger.kernel.org
Subject: Re: Multiple Incoming connections
Date: Fri, 30 Jan 2009 00:48:02 +0100
Message-ID: <49824032.8050906@chello.at>
In-Reply-To: <bb09457e0901291412g1ad7f906x7251d1f3c866e712@mail.gmail.com>

Didster wrote:
> Hi there,
>
> This is probably a very silly question, but here it goes.
>
> I have a linux box which I am using as an internal router
> [2.6.18-6-686].  This machine is connected to multiple ISPs via two
> separate NICs.  The connections are not direct, they are via PIX 501
> firewalls.  Both NICs use private IPs and the PIXes do address
> translation.  A third NIC connects the machine to a LAN.  The default
> gateway on the box is set to the private IP of PIX 1.
>
> I am trying to get incoming connections working from both ISPs.  I
> have apache running on the machine.  Both firewalls are set to allow
> port 80 through and translate it to the IP of the linux box.
>
> An incoming connection to the public IP of PIX 1 works just fine
> But an incoming connection to the public IP of PIX 2 does not – unless
> I change the default gateway on the box to be the private IP of PIX 2.
>
> A trace shows the connection coming from PIX 2 and then the reply
> going back out on PIX 1
>
> I have rp_filter switched off and ip_conntrack module loaded.
>
> Does anyone know how to stop this?  I thought conntrack would send the
> related traffic back out of the route the initial request came in on.
>   
search google for: source based routing linux

greets

mart
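
The source-based routing setup the reply points to, sketched for the two-uplink box in the question, as an added example that is not part of either post. Interface names, addresses, table numbers and rule priorities are constructed placeholders; it assumes each PIX translates to the Linux box's private address on the NIC facing it, so replies carry that address as their source.

```shell
#!/bin/sh
# Added example: prints iproute2 commands for source-based (policy) routing
# on a host with two uplinks. Every interface name, address, table number
# and priority below is a constructed placeholder, not a value from the thread.

# emit_uplink NAME TABLE DEV LOCAL_IP SUBNET GATEWAY
emit_uplink() {
    name=$1; table=$2; dev=$3; local_ip=$4; subnet=$5; gw=$6
    prio=$((1000 + $table))
    echo "# uplink $name"
    # Per-uplink table: the connected subnet plus its own default route.
    echo "ip route replace $subnet dev $dev src $local_ip table $table"
    echo "ip route replace default via $gw dev $dev table $table"
    # Drop any earlier copy of the rule so re-running stays idempotent.
    echo "ip rule del from $local_ip lookup $table priority $prio 2>/dev/null || true"
    # Replies sourced from this NIC's address use this uplink's table,
    # whatever the default route in the main table says.
    echo "ip rule add from $local_ip lookup $table priority $prio"
}

emit_policy_routing() {
    emit_uplink pix1 101 eth0 192.168.1.2 192.168.1.0/24 192.168.1.1
    emit_uplink pix2 102 eth1 192.168.2.2 192.168.2.0/24 192.168.2.1
}

# Prints the lookup that shows which gateway a reply from LOCAL_IP to a
# remote client would take (203.0.113.10 is a documentation address).
emit_check() {
    echo "ip route get 203.0.113.10 from $1"
}

# Review the output first; apply as root with: sh thisfile --print | sh -x
if [ "${1:-}" = "--print" ]; then
    emit_policy_routing
    emit_check 192.168.1.2
    emit_check 192.168.2.2
fi
```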