dual wan routing, looking from the outside...

Linux Netfilter discussions
 help / color / mirror / Atom feed

From: Brian Austin <brian@standarduniversal.com.au>
To: netfilter@vger.kernel.org
Subject: dual wan routing, looking from the outside...
Date: Fri, 11 Jul 2008 10:18:15 +1000	[thread overview]
Message-ID: <4876A6C7.7010709@standarduniversal.com.au> (raw)

Hi,
after some problems with attempt #1 at dual wan routing I have decided 
to start afresh. Unfortunately I have put the router in production so I 
need to be pretty careful now with what I do, so thought to ask the 
clever people for some thoughts.

for my second attempt

I have my kernel 2.6.25.15 patched with http://www.ssi.bg/~ja/#routes.

I have two isp connections and I advertise my mail server (smtp & imap) 
on my first ISP connection, and my vpn connection on the other isp 
connection.

mail - isp1 --adslmodem1---192.168.20.x
imaps                          |
                           dual wan router    --192.168.41.x-- mail 
imaps server is behind the wan router
                           is also vpn server
                            and smtp server     
                               |
vpn  - isp2 --adslmodem2---192.168.19.x

I port forward through the adsl modems to the wan router, adslmodem1 
port forwards mail 25,993 ports, adslmodem2 forwards openvpn port.

openvpn is served up by the dual wan router, as is smtp.

the imap mail is served up by the mail server behind the wan router, 
like this
iptables -A PREROUTING -d 192.168.20.253 -i eth20 -p tcp -m tcp --dport 
993 -j DNAT --to-destination 192.168.41.5:993

Now the problem I have at the moment is.

 From the outside, I can only access services from one isp connection at 
a time. So if I VPN in, then I cant access my imaps mail,

do I need to do some sort of packet marking to achieve this? So that 
packets from the same internet host can route out both wan connections 
simultaniously?

Pointers to example scripts or the right information to study appreciated

regards

Brian

next             reply	other threads:[~2008-07-11  0:18 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-07-11  0:18 Brian Austin [this message]
2008-07-11 14:29 ` dual wan routing, looking from the outside Grant Taylor
2008-07-15 10:39 ` Brian

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4876A6C7.7010709@standarduniversal.com.au \
    --to=brian@standarduniversal.com.au \
    --cc=netfilter@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox