Re: routing with 2 public ips




On 12/29/2015 07:18 AM, Eliezer Croitoru wrote:
> ... Basic 1:1 NAT ... you have two gateways while you have two ip addresses or one on the interface. Just to illustrate the issue: AWS instance with two interfaces which have two ip addresses NATTED to them by AWS front tier using some kind of virtual gateway.

I'm struggling to understand what you meant when you said that the destination is the gateway. If you just mean that the traffic is NATed, then again, I was not assuming that in any of my explanations.

A host with two addresses and two NAT gateways would apply routing policy just like one that isn't behind NAT gateways. In that configuration, NAT isn't relevant.

Now, if you had a host with just one address that was behind two different NAT routers, then that would be a configuration that might require marking connections based on the MAC address of incoming packets, and applying rules based on those marks. However, such a configuration is broken in several different ways, and connection marking just digs that hole deeper. Don't do this.

At some point, I'd remind you of the advice of Dr Robert Anthony: "If you find a good solution and become attached to it, the solution may become your next problem."
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
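
Added example, not part of the original message: the routing policy the reply describes for a host with two addresses and two gateways, written as a shell function that prints the iproute2 commands for each uplink without running them. The interface names, table numbers and addresses (RFC 5737 documentation ranges) are assumptions.

```sh
#!/bin/sh
# Added example. Interface names, table numbers and addresses are
# constructed (RFC 5737 documentation ranges), not taken from the thread.

# emit_policy_routing TABLE DEV ADDR NETWORK/LEN GATEWAY
# Prints the iproute2 commands that make traffic sourced from ADDR leave
# through GATEWAY. Nothing is executed; review the output, then run as root.
emit_policy_routing() (
    if [ "$#" -ne 5 ]; then
        echo "usage: emit_policy_routing TABLE DEV ADDR NETWORK/LEN GATEWAY" >&2
        return 2
    fi
    table=$1 dev=$2 addr=$3 net=$4 gw=$5
    # Only tables 1-252 are free; 253-255 are default, main and local.
    case $table in
        ''|*[!0-9]*) echo "table must be numeric: $table" >&2; return 2 ;;
    esac
    if [ "$table" -lt 1 ] || [ "$table" -gt 252 ]; then
        echo "table out of range 1-252: $table" >&2; return 2
    fi
    case $net in
        */*) ;;
        *) echo "network needs a prefix length: $net" >&2; return 2 ;;
    esac
    # Per-uplink table: the connected network plus that uplink's default route.
    echo "ip route replace $net dev $dev src $addr table $table"
    echo "ip route replace default via $gw dev $dev table $table"
    # Select the table by source address, ahead of the main table (32766).
    echo "ip rule add from $addr lookup $table priority $((1000 + table))"
)

# Two uplinks, one address each (constructed values).
emit_policy_routing 101 eth0 192.0.2.10 192.0.2.0/24 192.0.2.1
emit_policy_routing 102 eth1 198.51.100.10 198.51.100.0/24 198.51.100.1
```

Once the printed commands have been applied, `ip route get 203.0.113.1 from 192.0.2.10` should report the route via 192.0.2.1 on eth0.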



