From: "hail narcissus" <gene_yee@hotmail.com>
To: lartc@vger.kernel.org
Subject: [LARTC] Multiple Gateway
Date: Thu, 07 Feb 2002 23:47:05 +0000
Message-ID: <marc-lartc-101312567702725@msgid-missing>


I know this must have been asked MANY times, but there doesn't seem to be a 
search for the Archives.  I have read the HOW-TO docs and to be honest, it 
is extremely confusing.  I will re-read and hope to figure it out, but 
hopefully someone can help me out.

I have two connections coming into my server, one a DSL and the other a 
Cable.  Both connections go into two separate firewalls.  One firewall is a 
Checkpoint firewall which does static NAT to my server, the real IP is 
converted to 192.168.1.2.  The other firewall is just a WinRoute server with 
port forwarding, only have one IP, this is forwarded to 10.10.10.156.

The server is configured as:
eth0 -> 192.168.1.2 and GW 192.168.1.1  Primary SDSL Interface
eth1 -> 10.10.10.156 and GW 10.10.10.157  Secondary Cable Interface

The problem is that I want clients to connect to either connection to access 
my FTP server.  However packets are not necessarily exiting the same 
interface that they are coming in on, they always exit the GW highest in the 
routing list.  I am not sure if it is because of the NAT and port 
forwarding, but packets don't make it back to the destination unless it is 
going out the original interface.  I have verified this by creating static 
routes and looking at the route cache.

I am only concerned about FTP traffic for eth1, which will have PASV and 
normal FTP traffic.  No other traffic will be port forwarded to this 
interface.

Possible solution, I don't understand IPROUTE2 yet so all of this is 
conceptual:

I can use IPTables to mangle all packets coming into eth1 and have them 
routed to go back out that interface.  From the HOWTO I am guessing:

1) Remove the default gateway pointing to 10.10.10.157.  This will leave all 
traffic going out 192.168.1.1
2) Mangle the packets, never done this, cut and paste out of HOWTO:
# iptables -A PREROUTING -i eth1 -t mangle -j MARK --set-mark 1
3) Then add a route for all marked packets to go out 10.10.10.157
Syntax is still very confusing to me, if this is the right approach I will 
try to figure out.  Hints are appreciated...

Does this make sense or am I looking into this at completely the wrong 
angle?

Thanks!!

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/lartc/
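
Added example, not part of the original post: one way to make replies leave through the interface they arrived on. It swaps the fwmark from step 2 for a source-address rule, because the server's FTP replies are locally generated and never traverse PREROUTING; the addresses and eth1 come from the post, while table id 2, rule priority 100 and the function names are assumptions.

```sh
#!/bin/sh
# Added example: source-based policy routing for the secondary (cable) uplink.
# 10.10.10.156, 10.10.10.157 and eth1 are from the post; table 2 and
# priority 100 are assumed values. Nothing is applied, commands are printed.

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# policy_route_cmds ADDR GATEWAY DEV TABLE
# Print the ip(8) commands that send traffic sourced from ADDR out via GATEWAY.
# Inputs are validated so the output is safe to pipe into a root shell.
policy_route_cmds() {
    addr=$1 gw=$2 dev=$3 table=$4
    is_ipv4 "$addr" && is_ipv4 "$gw" || { echo "bad address" >&2; return 2; }
    case "$dev" in ''|*[!A-Za-z0-9_.-]*) echo "bad device" >&2; return 2 ;; esac
    case "$table" in ''|*[!0-9]*) echo "bad table id" >&2; return 2 ;; esac
    # A separate table holding only a default route via the secondary gateway.
    echo "ip route replace default via $gw dev $dev table $table"
    # Replies carry ADDR as their source, so pick the table by source address.
    # The main table (default via 192.168.1.1) is left untouched.
    echo "ip rule add from $addr lookup $table priority 100"
    # Drop cached routing decisions so the new rule is used immediately.
    echo "ip route flush cache"
}

# Show the commands for the setup in the post; review them, then pipe the
# output to `sh` as root to apply.
policy_route_cmds 10.10.10.156 10.10.10.157 eth1 2
```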
