From: Oliver Geisler <lartc@docawk.org>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] Double gateway - aliased ip routing
Date: Tue, 28 Jan 2003 20:38:12 +0000
Message-ID: <marc-lartc-104379724010602@msgid-missing>
In-Reply-To: <marc-lartc-104377445704545@msgid-missing>
Hi Martin.
>If I had to allow the client to select its default gateway, I'd be
>inclined to add another interface.
>
I've already tried this out, but the kernel gets really confused with
this configuration. Incoming packets were arbitrarily answered by one or
the other interface. I learned from the net that it's just not possible
to manage, if both interfaces are connected to the same section (e.g.
switch) of the subnet. The config of eth1 and eth2 just works, because
both parts of the subnet are physically separated and packets to
62.x.x.90 only arrive on one of the two interfaces. If someone's got a
solution to the problem 'two interfaces on the same subnet', let me know.
>But since I'm a control freak and
>BOFH, I'd simply use "ip rule" on the firewall to determine which client
>IP (or outbound service) gets to use bandwidth on my two connections.
>
>I have some documentation available on
>
> http://plorf.net/linux-ip/html/adv-multi-internet.htm
>
>which may be helpful to you in selecting different outbound routes based
>on source IP or destination port.
>
>
Source-based routing would only be a second best solution. My task is to
let the user choose the outbound route. In this case I would have to
build a kind of user-interface to the firewall-script. I think that
would be a bad idea. On the other hand I want to prevent people asking me
to switch their connection.
But thanks so far. More hints are welcome.
oli
> :                      INTERNET
> :          ===================
> :              |                    |
> :              |                    |
> :            DynIP             212.x.x.195
> :        /------------\      /---------------\
> :        | DSL-ROUTER |      |   T3-ROUTER   |
> :        \------------/      \---------------/
> :         192.168.11.1           62.x.x.89
> :        192.168.11.0/24        62.x.x.88/29
> :              |                    |
> :              |                    |
> :         192.168.11.8          62.x.x7.90
> :        192.168.11.0/24        62.x.x.88/29
> :             eth3            eth1 w/ ProxyARP
> :               /---------------\
> :               |   FIREWALL    |
> :               \---------------/
> :   eth0:1         eth0          eth2 w/ ProxyARP
> :   192.168.10.8   192.168.10.9  62.x.x.90
> :        192.168.10.0/24         62.x.x.88/29
> :              |                      \
> :              |                       \
> :        ==============                eth0
> :           LOCALNET                   62.x.x.93
> :                                      62.x.x.88/29
> :                                      /-----\
> :                                      | DMZ |
> :                                      \-----/