From: Kim Jensen <kimj@dawn.dk>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] Multiple internet providers
Date: Sat, 22 Mar 2003 17:53:48 +0000
Message-ID: <marc-lartc-104835568421233@msgid-missing>
In-Reply-To: <marc-lartc-104798747003702@msgid-missing>
On Saturday 22 March 2003 17:33, you wrote:
> : But changing the rp_filter from one to zero seems to work, as I can
> : track packets hitting my FORWARD chain now.
>
> Excellent. I'm quite glad to hear it.
>
> : So, right now I seem to be on the right track - I think the general
> : problem with setting up something like this is that all relevant
> : information is usually scattered over many places with mostly only
> : fragments put together. But now now, Thanks Martin - you have been a
> : great help :-)
>
> Well, that's what my documentation attempts to remedy--but never can.
> Such a dynamic target is very hard to adequately document, but that will
> not prevent me from trying. Regardless your experience with my section on
> multiple Internet connections points out a now-obvious deficiency in the
> section on multiple uplinks. I will modify the section to include a
> similar cautionary note about the rp_filter sysctl.
>
> Thanks for letting me know it's working for you,
>
Well, not so fast ... I'm still having some problems, but I fear that they
will be very hard to solve!

We have 2 connections, our cheap (Arcor, dynamic IP) and our expensive (QSC)
with 32 public addresses. Since my company is also linked up to a second
company using a set of private addresses, we have to use the 192.168.1.160/27
net internally, with a DHCP server. Most of our traffic must go via the Arcor
connection, while all mail will go via the QSC together with SSH to specific
machines. For incoming traffic, all addresses in our 32 public IP numbers,
must be routed 1-1 for the internal net, so it is possible to make external
connections to either mail, web, ssh, etc. on internal machines.

Now my question is, is it possible to make a distinction for packets coming
from our internal nets, whether it is part of a connection from QSC or from
Arcor? So far, I am lost when it comes to ideas and plans... It appears like
SNAT is impossible as I don't know whether it will correctly translate the
packet back, and MASQUERADE doesn't seem like the solution either!

Using MASQUERADING, it is possible to have traffic running normally via the
Arcor net, but once we wish to include QSC in the calculation - I keep
hitting my head on the wall.

/Kim
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/