Re: routing with 2 public ips




I still do not understand something.
The thread started with:
I have a server with 2 public IPs on 2 devices.

I want that the request of incoming traffic don't use the default gateway. Incoming traffic should be answered using the gateway of the incoming device

Could I realize this with firewalld? Or directly iptables?
##END OF QUOTE

Which means he has 1 server with two gateway devices which each has its own broadcast space\network. It's not clear to me if there are two gateways in the same broadcast\network or not. If it's on the same network then he must have some routing rules and the issue is not about a specific src address but about a connection.
Now with both of these devices there he has an issue.
He sure needs to use basic routing skills to make it work using some metrics if he wants a static routing setup... but when it becomes almost asymmetric it is possible to have a "reverse-path" routing situation which is because the server has two default gateways and not one. For this situation he cannot utilize the source address but only the source MAC address unless these 2 devices are some sort of reverse proxies which in this case do not require any routing settings at all and not even a default gateway or direct Internet access.

So from what I understood he will need to do some connection marking by the MAC address if these two devices are two routers which do NAT.

Eliezer

On 28/12/2015 09:22, Gordon Messmer wrote:
No, but you don't have to.  In the scenario presented, two links with
two IP addresses in different broadcast domains, traffic that is sent in
response to requests received on the second link/IP address will have
the second IP address in the source address field.  You can use that as
the rule.

Remember that Ethernet and IP are separate technologies.  You can make
routing policies entirely in the IP layer without mixing in Ethernet
stuff like MAC addresses.

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
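
The source-address rule described in the quoted reply (two links, two IP addresses in different broadcast domains) can be written as one routing table per uplink plus an `ip rule` keyed on the local address. This is an added example, not code from anyone in the thread; the interface names, addresses (RFC 5737 documentation ranges), table numbers and the helper names `uplink_rules` and `apply_uplinks` are assumptions.

```shell
#!/bin/sh
# Added example: source-address policy routing for a host with two uplinks.
# Interface names, addresses and table numbers below are constructed.

# uplink_rules IFACE ADDR SUBNET GATEWAY TABLE
# Prints the iproute2 commands that make packets sourced from ADDR leave
# through GATEWAY on IFACE, whatever the main table's default route says.
uplink_rules() {
    if [ $# -ne 5 ]; then
        echo "usage: uplink_rules IFACE ADDR SUBNET GATEWAY TABLE" >&2
        return 2
    fi
    iface=$1 addr=$2 subnet=$3 gw=$4 table=$5
    # Table 0 is unspec and 253-255 are default/main/local: refuse them.
    case $table in
        ''|*[!0-9]*) echo "table must be numeric" >&2; return 2 ;;
    esac
    if [ "$table" -lt 1 ] || [ "$table" -gt 252 ]; then
        echo "table must be in 1..252" >&2
        return 2
    fi
    # Per-uplink table: the connected subnet and a default via that gateway.
    echo "ip route replace $subnet dev $iface src $addr table $table"
    echo "ip route replace default via $gw dev $iface table $table"
    # Replies carry the address the request arrived on as their source,
    # so a rule on that source address selects the matching table.
    echo "ip rule add from $addr lookup $table"
}

# Emit the commands for both uplinks. Dry run by default; run as root
# with APPLY=1 to execute each command instead of printing it.
apply_uplinks() {
    {
        uplink_rules eth0 192.0.2.10 192.0.2.0/24 192.0.2.1 101 &&
        uplink_rules eth1 198.51.100.10 198.51.100.0/24 198.51.100.1 102
    } | while read -r cmd; do
        if [ "${APPLY:-0}" = 1 ]; then
            $cmd
        else
            echo "$cmd"
        fi
    done
}

apply_uplinks
```

After applying, `ip rule show` and `ip route show table 102` list the installed rule and the per-uplink routes.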


