From: "Martin A. Brown" <mabrown-lartc@securepipe.com>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] port-mapping with 2 isps
Date: Wed, 23 Apr 2003 23:29:05 +0000
Message-ID: <marc-lartc-105114064503554@msgid-missing>
In-Reply-To: <marc-lartc-105113992702879@msgid-missing>

Diego!

: hello... i've got an annoying problems that makes me think that i want
: to do something that is impossible... :) explanation:

No--not impossible. Not trivial--but not impossible.

: i've two dsl lines and a linux box as a "load balancer". some traffic
: goes out by eth0 and other goes out by eth1. (i mark the packets with
: iptables and then have 2 route tables)
: i'm currently forwarding some incoming connections (to the port 80 on
: eth0) to another host inside the network. this works without problems
: as long as eth0 is the default gateway.
:
: trying to forward connections on eth1 port 80 with eth0 as the default
: gateway results in the linux box losing the answer packet from the
: host inside the network.

Same server reachable via two public IPs. As proven in this forum last
week, by Russell Senior, you can do this EVEN if the internal server has
a single IP. Until last week, I was convinced that two internal IPs were
required. That is no longer so.

See the thread which starts here:

  http://mailman.ds9a.nl/pipermail/lartc/2003q2/007952.html

And the magic happens here:

  http://mailman.ds9a.nl/pipermail/lartc/2003q2/008090.html

: diagram:
:
: inet | - isp1 -- eth0\
: | - LINUX ROUTER - eth2 - switch - "server host"
: | - isp2 -- eth1/
:
: # ip ro sh
: 81.33.13.128 dev eth1 scope link src 81.33.13.174
: 80.25.88.192 dev eth0 scope link src 80.25.88.228
: 80.25.88.192/26 dev eth0 proto kernel scope link src 80.25.88.228
: 81.33.13.128/26 dev eth1 proto kernel scope link src 81.33.13.174
: 172.16.0.0/16 dev eth2 proto kernel scope link src 172.16.0.2
: default via 80.25.88.193 dev eth0
:
: because eth0 is the default gw, i can forward incoming connections on
: eth0 to the "server host".
:
: can anyone help me so i can forward connections happening on both
: interfaces (eth0 & eth1, doesn't matter who is the default gw) ?

Another reasonable option is to assign an additional IP address to the
internal server, and follow these instructions to configure the DNAT
and routing for each IP:

  http://linux-ip.net/html/adv-multi-internet.html#adv-multi-internet-inbound

Good luck, Diego,

-Martin

--
Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
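
Added example, not part of the original message or of the linked guide: a dry-run sketch of the second option mentioned above (one internal IP per uplink, DNAT plus a source-based routing rule for each). Interface names, public addresses, the ISP1 gateway and the LAN prefix come from the posted `ip ro sh`; the server addresses 172.16.0.10 and 172.16.0.11, the table ids 1 and 2 and the ISP2 gateway placeholder are assumptions.

```shell
#!/bin/sh
# Added example: print (and optionally apply) the routing and NAT commands
# for inbound port 80 on two uplinks, using one internal server IP per uplink.
LAN_NET="172.16.0.0/16"      # from the posted routing table
LAN_DEV="eth2"
GW_ISP1="80.25.88.193"       # default gateway shown in the post
GW_ISP2="${GW_ISP2:-ISP2_GATEWAY_PLACEHOLDER}"   # not shown in the post

# plan_uplink DEV PUBLIC_IP GATEWAY TABLE SERVER_IP PORT
# Prints the commands for one uplink; nothing is executed here.
# Replies leave the server with SERVER_IP as source, so the "from" rule
# selects the table whose default route is the uplink the request came in on.
# Conntrack restores the public source address after the routing decision.
plan_uplink() {
    dev=$1 pub=$2 gw=$3 tbl=$4 srv=$5 port=$6
    cat <<EOF
ip route add $LAN_NET dev $LAN_DEV table $tbl
ip route add default via $gw dev $dev table $tbl
ip rule add from $srv lookup $tbl
iptables -t nat -A PREROUTING -i $dev -d $pub -p tcp --dport $port -j DNAT --to-destination $srv
EOF
}

# Both uplinks get an explicit table, so the result does not depend on
# which ISP currently holds the main table's default route.
plan_all() {
    plan_uplink eth0 80.25.88.228 "$GW_ISP1" 1 172.16.0.10 80   # server IP assumed
    plan_uplink eth1 81.33.13.174 "$GW_ISP2" 2 172.16.0.11 80   # server IP assumed
}

if [ "${APPLY:-0}" = 1 ]; then
    # Refuse to touch the system while the ISP2 gateway is still a placeholder.
    if [ "$GW_ISP2" = ISP2_GATEWAY_PLACEHOLDER ]; then
        echo "set GW_ISP2 to the real ISP2 gateway before applying" >&2
        exit 1
    fi
    plan_all | sh -ex
else
    plan_all
fi
```

The internal server must carry both assumed addresses and use the router (172.16.0.2) as its gateway; run with `APPLY=1 GW_ISP2=<gateway>` as root to apply the printed commands.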
Thread overview: 3+ messages
2003-04-23 23:17 [LARTC] port-mapping with 2 isps Diego Torres
2003-04-23 23:29 ` Martin A. Brown [this message]
2003-04-24 0:26 ` Martin A. Brown