From: "William L. Thomson Jr."
Date: Fri, 17 May 2002 10:09:51 +0000
Subject: Re: [LARTC] Routing from a box behind two NAT'ing routers
To: lartc@vger.kernel.org

Henrik,

I am in the same boat as you. I have two SDSL lines I would like to do the same with. I have yet to find a working solution and hope I will have time to address this tomorrow.

In the mean time I bought a Nexland ISBPro800, which according to reviews and Nexland should do some of what we are looking to do. Unfortunately it does not even come close. I was better off just using RIP for redundancy. The Nexland is not doing anything for me, and I need to take the time to ship it back and get my money back.

I have found two other solutions, both of which are out of my price range at the moment. The first one for the money is not worth it. It's the products from FatPipe, Inc. The one I do like and may end up having to purchase is made by SysMaster. Their pricing is much better, the units scale better, and they just plug into a switch. No routing the routers through the unit and then through the switch. You just plug everything into the switch, and use the SysMaster unit as the gateway. I spoke with one of the engineers at SysMaster, and if I do not have this problem solved by the time I get the cash, I just may buy one and call it a day.

On the Linux front I did get close, but ran into issues with the route caching table. I did receive a suggestion from Julian Anastasov, but I have not had time to try the cache settings he suggested. It's in the list archive on 4/29/2002.

Bottom line is I would rather have Linux do it. Personally I think it's cooler and possibly better?

I am willing to work or share info with others to come up with a working solution. I know others will be coming down this path as more people get multiple broadband connections. Hell, I have an ISP that will provide 1.1mps SDSL lines for $80.00 a month. So in my situation it makes more sense than buying a T-1 or T-3.

Anyway, I will be back at it some day this week. Shooting for tomorrow. I have a feeling that there needs to be additional logic in the multipath routing. But not knowing C/C++ I am not sure how much help I can provide. Sorry, so far I am a Java guy, but C/C++ is next on my list. This may be the motivation I need.

There needs to be some sort of route aging mechanism or packet marking, so when new routes are presented the old ones will be removed.

Also, once the route cache issue has been addressed, I believe a DNS how-to is crucial, since how you have your DNS servers set up will dictate how well things work. For example, in my case for each private IP I have two public IPs, one on each ISP's SDSL line.

So once the Linux router works the way it should, the DNS servers will also need a special config. At the moment I have DNS server 1 returning IPs from ISP 1, and DNS server 2 returns IPs from ISP 2. Basically like the example from http://www.samag.com/documents/s=1824/sam0201h/0201h.htm

I tried doing something along the lines of having both DNS servers be on the same block, and if a request came in on that IP block, they would get IPs from that block. If they requested either DNS server via the other block, IPs from that block would be returned. That seemed to cause a lot of problems.

Anyway, you are not alone. Hopefully there is someone out there who has done this successfully and can shed light on where we are going wrong. Or someone out there willing to gang up with us to come up with a working solution.

I am in, anyone else interested in this?

Henrik Størner wrote:
> Greetings,
>
> I hope someone else has come up with a way to do this - so far
> I've tried out some of the tricks described in the Advanced
> Routing Howto, but haven't gotten it to behave as I would like.
>
> I have a Linux-based (2.4.18 kernel) web server located on a
> private network. This network is connected to the Internet via
> two ADSL connections using Cisco SOHO77 routers. These routers
> do NAT of both outgoing and incoming connections.
>
> The problem is that I would like to have the web server available to
> clients on the Internet using both of the connections. Not only
> would it make the connection more reliable, it would also allow
> me to utilize the bandwidth of both the connections via a simple
> round-robin DNS setup of the Web server address. However, so far
> I haven't been able to come up with a routing setup that allows
> me to do this.
>
> The routers have been configured to NAT an incoming request on TCP
> port 80 to the internal IP of the web server. This works fine for
> connections that come in on one of the routers, if I set up the web
> server with a default route to that particular router. But then
> connections arriving on the other router do not work - the router
> forwards the initial SYN packet OK to the web server, but since
> it tries to route the response out through its default route,
> it goes nowhere - the router that is asked to forward the response
> packet never saw the initial SYN packet, so the response does not
> match anything in its NAT table, and it drops the packet.
>
> I tried giving the web server a second internal IP, and having one
> router NAT incoming connections to the first IP, and the other
> router NAT the connections to the second IP. Then using one of the
> examples in the HOWTO, I tried setting up the routing so that the
> response would go out via the proper router. I could not get that
> to work.
>
> Any ideas or suggestions would be appreciated.
>

--
Sincerely,
William L. Thomson Jr.
Obsidian-Studios, Inc.
439 Amber Way
Petaluma, Ca. 94952
Phone 707.766.9509
Fax 707.766.8989
http://www.obsidian-studios.com

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
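The source-based policy routing that Henrik's two-internal-IP setup calls for, as an added example that is not part of the thread and not code from either poster: one routing table per router, selected by the source address the router NATs to, so replies leave through the router that saw the SYN. All addresses, the interface name and table numbers are constructed placeholders; DRY_RUN=1 (the default) only prints the commands.

```shell
#!/bin/sh
# Added example: per-source policy routing for a host with two private
# addresses, each NATed by a different router. Not code from the thread.
set -eu

# Constructed placeholders: LAN, the two NATed addresses and their routers.
NET=192.168.1.0/24
DEV=eth0
IP1=192.168.1.10; GW1=192.168.1.1; TABLE1=101
IP2=192.168.1.11; GW2=192.168.1.2; TABLE2=102

# Print the command (DRY_RUN=1, default) or execute it (needs root).
run() {
    if [ "${DRY_RUN:-1}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# One table per router: the connected LAN route (so local traffic sourced
# from that address stays local), a default via that router, and a rule
# that sends packets *sourced* from the router's NATed address to the table.
uplink_rules() {
    src_ip="$1"; gw="$2"; table="$3"
    run ip route replace "$NET" dev "$DEV" src "$src_ip" table "$table"
    run ip route replace default via "$gw" dev "$DEV" table "$table"
    run ip rule add from "$src_ip" table "$table"
}

apply_policy() {
    uplink_rules "$IP1" "$GW1" "$TABLE1"
    uplink_rules "$IP2" "$GW2" "$TABLE2"
    # The main table keeps one ordinary default for locally originated
    # traffic that has not yet been bound to a source address.
    run ip route replace default via "$GW1" dev "$DEV"
    # Old kernels cache routing decisions; flush so new rules take effect.
    run ip route flush cache
}

apply_policy
```

Incoming connections NATed to IP1 are answered from IP1, so the reply matches the rule for table 101 and leaves via GW1; the same holds for IP2 and GW2.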