From: "David H. Lynch Jr." <dhlii@1dla.com>
To: lartc@vger.kernel.org
Subject: [LARTC] Help: Multiple internet connections
Date: Wed, 25 Sep 2002 22:27:25 +0000 [thread overview]
Message-ID: <marc-lartc-103299298425932@msgid-missing> (raw)
I have been trying to get a router/firewall with a DSL and 6 fixed
IPs and a faster cable modem with a semi-fixed IP up and running for a
long, long time.
Mostly things work, and I have read the
http://lartc.org/howto/lartc.rpdb.multiple-links.html#AEN261 pages and
implemented them.
I appear to have full access to the extent that my iptables rules
allow to any services running on the router/firewall.
I appear to have outgoing internet access NATed correctly and
running the way I want.
However I have problems with the servers/services that are being
DNATed to behind the firewall.
I do not believe my problems are with IPTABLES - at least I have
forced IPTABLES to log every packet it drops and it is not dropping
anything related to the areas I am having problems.
There are a number of odd things that appear to be going on, but for
the most part the failure cases appear to occur when a client on the
internet who is using an ISP closely related to one of my connections,
tries to connect through an address on the interface farthest away from
them.
I.e., when a client also using a local cable connection tries to
connect to a DNATed server/service using a DSL IP.
My DSL is 209.223.245.120-128,
my cable is 68.84.207.53.
A client whose IP is 68.84.207.97 tries to connect to
209.223.245.125:143 and is unable to connect.
IPTABLES logs no dropped packets. iproute is configured as per
the multiple links pages above.
It is my guess that the inbound packet manages its way to my
server just fine, but on the return trip it decides to head back out the
cable modem as that is the best route back to the client, and since the
client sees a response coming from the wrong source it discards it, but
I could easily be wrong.
I believe I am only having problems with DNATed services behind
the firewall, and I believe it is only when the client is local to the
external interface opposite the one they are coming in on. But I could
easily be wrong. Regardless, the problem is mostly reproducible, though
it has been known to go away for days at a time on its own, and mostly
limited to a small subset of all clients.
I am busily perusing the lartc archives but have not found
anything directly on point yet.
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
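The failure described above (a DNATed server's reply leaving by whichever link the main table prefers, rather than the link the client came in on) is a known multi-link pitfall, and the policy-routing recipe below is one standard remedy, added here as an example; it is neither the poster's configuration nor text from the LARTC HOWTO. Each new inbound connection is tagged with the link it arrived on (CONNMARK), the mark is restored onto every packet of that connection before routing, and an `ip rule` on the mark steers replies back out the same link. Interface names, gateway addresses, table numbers and mark values are assumptions.

```shell
#!/bin/sh
# Assumed values (not from the original post): replace with the real interfaces, gateways
# and the DSL prefix (the post's 209.223.245.120-128 block written as a prefix).
DSL_IF=eth1;   DSL_GW=DSL_GATEWAY_PLACEHOLDER;   DSL_NET=DSL_PREFIX_PLACEHOLDER
CABLE_IF=eth2; CABLE_GW=CABLE_GATEWAY_PLACEHOLDER
DSL_TABLE=10;  CABLE_TABLE=20      # one routing table per link
DSL_MARK=1;    CABLE_MARK=2        # one connection mark per link

# Print the commands instead of running them, so the plan can be reviewed first.
gen_multilink_rules() {
    cat <<EOF
ip route add default via $DSL_GW dev $DSL_IF table $DSL_TABLE
ip route add default via $CABLE_GW dev $CABLE_IF table $CABLE_TABLE
ip rule add from $DSL_NET table $DSL_TABLE
ip rule add fwmark $DSL_MARK table $DSL_TABLE
ip rule add fwmark $CABLE_MARK table $CABLE_TABLE
iptables -t mangle -A PREROUTING -i $DSL_IF -m conntrack --ctstate NEW -j CONNMARK --set-mark $DSL_MARK
iptables -t mangle -A PREROUTING -i $CABLE_IF -m conntrack --ctstate NEW -j CONNMARK --set-mark $CABLE_MARK
iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
iptables -t mangle -A OUTPUT -j CONNMARK --restore-mark
EOF
}
# Why the mark is needed: when the LAN server's reply is routed, its source is still the
# internal address (the DNAT is undone only after routing), so a "from <DSL address>"
# rule never matches it; the connection mark restored in mangle PREROUTING does.

# Load the rules on the router (needs root and iproute2/iptables with CONNMARK).
apply_multilink_rules() {
    gen_multilink_rules | sh -e
}

# Ask the kernel which device a reply to the given client would leave by, given the
# mark of the link the connection arrived on.
check_return_path() {   # $1 = client address, $2 = ingress link mark
    ip route get "$1" mark "$2" | grep -o 'dev [^ ]*'
}
```

For the case in the post, `check_return_path 68.84.207.97 $DSL_MARK` after `apply_multilink_rules` should report the DSL device even though the main table would send that client's traffic to the cable modem.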