I have been trying to get a router/firewall with a DSL line with 6 fixed IPs and a faster cable modem with a semi-fixed IP up and running for a long, long time. Mostly things work, and I have read the http://lartc.org/howto/lartc.rpdb.multiple-links.html#AEN261 pages and implemented them. I appear to have full access, to the extent that my iptables rules allow, to any services running on the router/firewall. I appear to have outgoing internet access NATed correctly and running the way I want.

However, I have problems with the servers/services that are being DNATed to behind the firewall. I do not believe my problems are with iptables; at least, I have forced iptables to log every packet it drops and it is not dropping anything related to the areas I am having problems with.

There are a number of odd things that appear to be going on, but for the most part the failure cases appear to occur when a client on the internet who is using an ISP closely related to one of my connections tries to connect through an address on the interface farthest away from them, i.e. when a client also using a local cable connection tries to connect to a DNATed server/service using a DSL IP. My DSL is 209.223.245.120-128; my cable is 68.84.207.53. A client whose IP is 68.84.207.97 tries to connect to 209.223.245.125:143 and is unable to connect. iptables logs no dropped packets. iproute is configured as per the multiple links pages above.

It is my guess that the inbound packet manages its way to my server just fine, but on the return trip it decides to head back out the cable modem as that is the best route back to the client, and since the client sees a response coming from the wrong source it discards it, but I could easily be wrong. I believe I am only having problems with DNATed services behind the firewall, and I believe it is only when the client is local to the external interface opposite the one they are coming in on. But I could easily be wrong.

Regardless, the problem is mostly reproducible (though it has been known to go away for days at a time on its own) and mostly limited to a small subset of all clients. I am busily perusing the LARTC archives but have not found anything directly on point yet.

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/
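Editor's added example (not part of the post above and not the poster's configuration): the "reply goes out the other uplink" symptom described in the post is exactly what the HOWTO's `ip rule add from <public ip> table <link>` rules cannot fix for DNATed services. The reply from the internal server enters the router with its private source address; the reverse translation back to 209.223.245.125 is done in the nat POSTROUTING hook, after the routing decision, so the `from` rule never sees the public address and the main table's default route (the cable link, in the post's setup) wins. The standard fix is to record the arrival uplink in the conntrack entry with CONNMARK when the connection is first seen, copy that mark back onto the reply packets in mangle PREROUTING (before routing), and route on the mark. The interface names (eth0 LAN, eth1 DSL, eth2 cable), the table names `dsl` and `cable`, and the mark values are assumptions; the script expects the per-link tables with their default routes to exist already, as the HOWTO sets them up. By default it only prints the commands so it can be reviewed first.

```shell
#!/bin/sh
# Added example (not from the original post): pin replies of DNATed
# connections to the uplink they arrived on, using CONNMARK + fwmark rules
# on top of the per-link routing tables from the LARTC multiple-links HOWTO.
#
# Assumptions (none come from the post except the two public address ranges):
#   eth0 = LAN, eth1 = DSL uplink, eth2 = cable uplink
#   tables "dsl" and "cable" exist in /etc/iproute2/rt_tables and each holds
#   a default route via that link's gateway, as in the HOWTO.
#
# Usage:  sh multilink-dnat.sh          # print the commands (dry run, default)
#         sh multilink-dnat.sh apply    # execute them (root, iptables + iproute2)

LAN_IF=${LAN_IF:-eth0}
DSL_IF=${DSL_IF:-eth1}
CABLE_IF=${CABLE_IF:-eth2}
DSL_TABLE=${DSL_TABLE:-dsl}
CABLE_TABLE=${CABLE_TABLE:-cable}
DSL_MARK=1
CABLE_MARK=2
DRY=1

# run: print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# mark_new_connections: when a connection is first seen on an uplink, store
# which uplink it used in the conntrack entry.  mangle PREROUTING runs before
# nat PREROUTING (the DNAT) and before the routing decision.
mark_new_connections() {
    run iptables -t mangle -A PREROUTING -i "$DSL_IF" -m conntrack --ctstate NEW \
        -j CONNMARK --set-mark "$DSL_MARK"
    run iptables -t mangle -A PREROUTING -i "$CABLE_IF" -m conntrack --ctstate NEW \
        -j CONNMARK --set-mark "$CABLE_MARK"
}

# restore_reply_marks: replies from the DNATed server arrive on the LAN side
# with the private source address, so a "from <public ip>" rule cannot match
# them (the reverse NAT happens in POSTROUTING, after routing).  Copying the
# stored connmark back onto the packet gives the routing rules something to
# select on.
restore_reply_marks() {
    run iptables -t mangle -A PREROUTING -i "$LAN_IF" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j CONNMARK --restore-mark
}

# add_fwmark_rules: send marked packets through the matching uplink table.
# The priorities just need to come before the main-table lookup (32766).
add_fwmark_rules() {
    run ip rule add fwmark "$DSL_MARK" table "$DSL_TABLE" priority 100
    run ip rule add fwmark "$CABLE_MARK" table "$CABLE_TABLE" priority 101
    run ip route flush cache
}

# setup_reply_routing: the whole sequence; with DRY=1 it prints one
# command per line instead of executing anything.
setup_reply_routing() {
    mark_new_connections
    restore_reply_marks
    add_fwmark_rules
}

case "${1:-}" in
    apply) DRY=0 ;;
esac
setup_reply_routing
```

Two checks worth doing after applying it: `ip route get 68.84.207.97 mark 1` should now show the DSL gateway (and `mark 2` the cable gateway), and `conntrack -L` (or `/proc/net/ip_conntrack` on older kernels) should show `mark=1` on a connection that came in over the DSL address. One caveat: with strict `rp_filter` enabled on the uplink interfaces, the kernel may drop the inbound packet from the cable-side client arriving on the DSL interface before iptables ever logs it, because the reverse lookup for that source prefers the cable link; `sysctl net.ipv4.conf.eth1.rp_filter` is the place to look if packets vanish without a LOG entry.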