> > Hi,
> >
> > I had the same problem some time ago, I couldn't have DNAT working on my
> > second interface. Could you please post all your routing tables?
> > And also, what are your connections? Both PPP? PPPoE? ...
> >
>
> OK, I am using Static IP for both links. Here is my routing table :-
> ( I use symbolic name here for easier reading .... )

[ snip ]

I am beginning to think multipath inbound port forwarding is not as simple as constructing these iptables rules :-

> iptables -A PREROUTING -t nat -p tcp -d ${OUTSIDE_IP} --dport 80 -j DNAT --to ${SERVER}:80
> iptables -A FORWARD -p tcp -d ${SERVER} --dport 801 -o ${INSIDE_DEVICE} -j ACCEPT
> iptables -A PREROUTING -t nat -p tcp -d ${OUTSIDE_IP2} --dport 80 -j DNAT --to ${SERVER}:80
> iptables -A FORWARD -p tcp -d ${SERVER} --dport 801 -o ${INSIDE_DEVICE} -j ACCEPT
>
> Maybe I should ask, has anybody gotten this to work before ?

The reason I am suspecting this is not working is this :-

The inbound port forwarding rules are fine as far as receiving the connection, but the reply will still take whatever routing path is defined by the system. If the system is doing load balancing, chances are that it will go out via some other interface, thereby causing connection problems.

So my question is whether there is a way to ask the firewall to reply via the interface the connection came in from ?

_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/
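
One common way to get the "reply via the interface it came in on" behaviour asked about above is connection marking plus policy routing, sketched here as an added example that is not part of the original post. The uplink device names, gateways, mark values and table numbers are assumptions chosen for illustration; the script only prints the commands so they can be reviewed before being applied.

```shell
#!/bin/sh
# Added example: emit (not execute) the rules that pin replies to the
# uplink a connection arrived on. Every value below is an assumption.
INSIDE_DEVICE=eth0   # assumed LAN-side device facing ${SERVER}

# uplink_rules DEV GATEWAY MARK TABLE
uplink_rules() {
    dev=$1 gw=$2 mark=$3 table=$4
    # Tag each new connection with the uplink it arrived on.
    echo "iptables -t mangle -A PREROUTING -i $dev -m conntrack --ctstate NEW -j CONNMARK --set-mark $mark"
    # A per-uplink table whose only default route is that uplink.
    echo "ip route add default via $gw dev $dev table $table"
    # Packets carrying the mark are routed with that table.
    echo "ip rule add fwmark $mark table $table"
}

reply_rules() {
    # Replies from the server enter on the inside device: copy the
    # connection's mark onto the packet before the routing decision.
    echo "iptables -t mangle -A PREROUTING -i $INSIDE_DEVICE -j CONNMARK --restore-mark"
}

generate() {
    uplink_rules eth1 192.0.2.1    1 101   # assumed first uplink
    uplink_rules eth2 198.51.100.1 2 102   # assumed second uplink
    reply_rules
}

# Print for review; pipe the output to "sh" as root to apply it.
generate
```

The DNAT and FORWARD rules from the post stay as they are; connections without a mark keep using the main (load-balanced) routing table.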