On nov/20/2002, Martin A. Brown wrote: > packet belongs to a session inbound over eth1 or eth2. This is the > statelessness of IP routing! I'm thinking in one possibility, but I'm really new with iproute and I don't know if it is possible... eth0 has the IP 10.10.10.1, and I create an alias eth0:1 with IP 10.10.10.2. With 'ip', I route packets from eth1 to eth0, and packets from eth2 to eth0:1. When these packets returns from the LAN, they go to an especific IP (10.10.10.1 or 10.10.10.2). Then I mark these packets with iptables (maybe in PREROUTING?), i.e., packets to eth0 with mark X, and packets to eth0:1 with mark Y, and route these packets with 'ip route' looking the mark of the packet (mark X -> eth1, mark Y -> eth2). The last action is to MASQUERADE the packets for each interface... > In order to make any recommendation, we would need to know what the IP > address ranges are and specifically why/how Paco envisions using these > two links. The two public interfaces aren't in the same range (80.37... and 80.59...). The purpose of this Linux box is to provide high availability to several servers, but the two public interfaces of this box may work at the same time. eth1 handles DNS traffic, and eth2 handles SMTP and HTTP traffic. When one of the link goes down, the other may take all traffic (we detect the link-down and change the DNS to point to the working interface). -- ...Bonkers (Stunned Guys Mix). The Riders. 1996 --- Debian + Mutt + Postfix * Origin: Web Page: http://pbrufal.kleenux.org (Fido 2:346/7.68) _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
