From: "Henrik Størner" <henrik-lartc@hswn.dk>
To: lartc@vger.kernel.org
Subject: [LARTC] Routing from a box behind two NAT'ing routers
Date: Tue, 14 May 2002 20:55:22 +0000
Message-ID: <marc-lartc-102140980207386@msgid-missing>

Greetings,

I hope someone else has come up with a way to do this - so far
I've tried out some of the tricks described in the Advanced
Routing Howto, but haven't gotten it to behave as I would like.

I have a Linux-based (2.4.18 kernel) web server located on a
private network. This network is connected to the Internet via
two ADSL connections using Cisco SOHO77 routers. These routers
do NAT of both outgoing and incoming connections.

The problem is that I would like to have the web server available to
clients on the Internet using both of the connections. Not only 
would it make the connection more reliable, it would also allow
me to utilize the bandwidth of both the connections via a simple
round-robin DNS setup of the Web server address. However, so far
I haven't been able to come up with a routing setup that allows 
me to do this.

The routers have been configured to NAT an incoming request on TCP
port 80 to the internal IP of the web server. This works fine for
connections that come in on one of the routers, if I set up the web
server with a default route to that particular router. But then
connections arriving on the other router do not work - the router
forwards the initial SYN packet OK to the web server, but since
it tries to route the response out through its default route,
it goes nowhere - the router that is asked to forward the response
packet never saw the initial SYN-packet, so the response does not
match anything in its NAT table, and it drops the packet.

I tried giving the web server a second internal IP, and having one
router NAT incoming connections to the first IP, and the other
router NAT the connections to the second IP. Then using one of the
examples in the HOWTO, I tried setting up the routing so that the 
response would go out via the proper router. I could not get that
to work.

Any ideas or suggestions would be appreciated.
-- 
Henrik Storner <henrik@hswn.dk> 


_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
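
The arrangement described in the message (one internal IP per router, with each reply leaving through the router that NATed the inbound connection) corresponds to source-based policy routing with iproute2. The sketch below is an added example, not part of the original post or the HOWTO; every address, the interface name, the table numbers and the rule priorities are constructed assumptions.

```shell
#!/bin/sh
# Added example: per-source policy routing for a host behind two NAT routers.
# Each router forwards port 80 to a different internal IP of the web server;
# replies must leave via the router that holds the matching NAT state.
# All values below are constructed placeholders.

LAN_NET="192.168.1.0/24"   # constructed private network
LAN_DEV="eth0"             # constructed interface name

# policy_cmds SRC_IP GATEWAY TABLE
# Print the iproute2 commands that send traffic sourced from SRC_IP
# out through GATEWAY, using a dedicated routing table.
policy_cmds() {
    src=$1; gw=$2; table=$3
    # Keep LAN destinations on-link so local traffic is not sent via the router.
    echo "ip route add $LAN_NET dev $LAN_DEV src $src table $table"
    # Default route for this source address only.
    echo "ip route add default via $gw dev $LAN_DEV table $table"
    # Select the table by the reply's source address (the IP the router NATed to).
    echo "ip rule add from $src lookup $table priority $((1000 + table))"
}

# all_cmds: the full command list for both uplinks.
all_cmds() {
    policy_cmds 192.168.1.11 192.168.1.1 101   # IP used by router A (constructed)
    policy_cmds 192.168.1.12 192.168.1.2 102   # IP used by router B (constructed)
    # Drop cached route decisions made before the rules existed.
    echo "ip route flush cache"
}

# Dry run by default: print with --print, execute (as root) with --apply.
case "${1:-}" in
    --print) all_cmds ;;
    --apply) all_cmds | sh -e ;;
esac
```

The main table's default route still applies to connections the server itself initiates; only replies sourced from the two NAT target addresses are steered by the added rules.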
