Re: [LARTC] port-mapping with 2 isps

Linux Advanced Routing and Traffic Control


Diego!

 : hello... i've got an annoying problem that makes me think that i want
 : to do something that is impossible... :) explanation:

No--not impossible.  Not trivial--but not impossible.

 : i've two dsl lines and a linux box as a "load balancer". some traffic
 : goes out by eth0 and other goes out by eth1. (i mark the packets with
 : iptables and then have 2 route tables)

 : i'm currently forwarding some incoming connections (to the port 80 on
 : eth0) to another host inside the network. this works without problems
 : as long as eth0 is the default gateway.
 :
 : trying to forward connections on eth1 port 80 with eth0 as the default
 : gateway results in the linux box losing the answer packet from the
 : host inside the network.

Same server reachable via two public IPs.  As proven in this forum last
week, by Russell Senior, you can do this EVEN if the internal server has
a single IP.  Until last week, I was convinced that two internal IPs were
required.  That is no longer so.

See the thread which starts here:

  http://mailman.ds9a.nl/pipermail/lartc/2003q2/007952.html

And the magic happens here:

  http://mailman.ds9a.nl/pipermail/lartc/2003q2/008090.html

 : diagram:
 :
 : inet | - isp1 -- eth0\
 :      |                - LINUX ROUTER - eth2 - switch - "server host"
 :      | - isp2 -- eth1/
 :
 : # ip ro sh
 : 81.33.13.128 dev eth1  scope link  src 81.33.13.174
 : 80.25.88.192 dev eth0  scope link  src 80.25.88.228
 : 80.25.88.192/26 dev eth0  proto kernel  scope link  src 80.25.88.228
 : 81.33.13.128/26 dev eth1  proto kernel  scope link  src 81.33.13.174
 : 172.16.0.0/16 dev eth2  proto kernel  scope link  src 172.16.0.2
 : default via 80.25.88.193 dev eth0
 :
 : because eth0 is the default gw, i can forward incoming connections on
 : eth0 to the "server host".
 :
 : can anyone help me so i can forward connections happening on both
 : interfaces (eth0 & eth1, doesn't matter who is the default gw) ?

Another reasonable option is to assign an additional IP address to the
internal server, and follow these instructions to configure the DNAT
and routing for each IP:

  http://linux-ip.net/html/adv-multi-internet.html#adv-multi-internet-inbound

Good luck, Diego,

-Martin

-- 
Martin A. Brown --- SecurePipe, Inc. --- mabrown@xxxxxxxxxxxxxx
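
The second option above (an additional IP on the internal server, with DNAT and routing set up per IP), as an added example that is not part of the original message. Interfaces, public IPs and the eth0 gateway come from the quoted `ip ro sh` output; the server addresses 172.16.0.10 and 172.16.0.11, the ISP2 gateway 81.33.13.129 and the table numbers 101/102 are assumptions.

```shell
#!/bin/sh
# Added example: one internal server IP per uplink, so that replies can be
# routed back out the uplink the connection arrived on.
# Assumed values (not from the thread): server IPs 172.16.0.10/.11,
# ISP2 gateway 81.33.13.129, routing table numbers 101 and 102.

# Print the commands for one uplink.
# args: <wan_if> <public_ip> <gateway> <server_ip> <table>
uplink_rules() {
    wan_if=$1; public_ip=$2; gateway=$3; server_ip=$4; table=$5
    # Inbound: port 80 on this uplink's public IP is DNATed to the server
    # IP reserved for this uplink.
    echo "iptables -t nat -A PREROUTING -i $wan_if -d $public_ip -p tcp --dport 80 -j DNAT --to-destination $server_ip"
    # Return path: a dedicated table whose default route is this uplink,
    # plus the LAN route so local traffic from the server still works.
    echo "ip route add default via $gateway dev $wan_if table $table"
    echo "ip route add 172.16.0.0/16 dev eth2 table $table"
    # Replies still carry the internal source IP when the routing decision
    # is made, so selecting the table by source IP picks the right uplink.
    echo "ip rule add from $server_ip table $table"
}

all_rules() {
    uplink_rules eth0 80.25.88.228 80.25.88.193 172.16.0.10 101
    uplink_rules eth1 81.33.13.174 81.33.13.129 172.16.0.11 102
}

# Dry run by default: print the commands. Set APPLY=1 (as root) to run them.
if [ "${APPLY:-0}" = 1 ]; then
    all_rules | while read -r cmd; do $cmd; done
else
    all_rules
fi
```

Review the printed commands first; `ip rule show` and `ip route show table 102` confirm the result after applying.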


