As suggested on the netfilter list, I'm posting here too:
Current network layout:
                  Internet
                      |
          ----100.100.251.217----
         /        (router)      \              Internet
         |                      |                 |
  100.100.251.220       100.100.251.218     200.200.64.139
         |                      |                 |
   192.168.100.x                 \               /
  (Office Network)                \             /
                              Linux Multihomed Router
                                  192.168.0.254
                                        |
                                        |
                                   192.168.0.6
                                 Internal Server
I got the above working on our test bed, where users can get to the internal server 192.168.0.6 via either Internet connection. The problem is getting from our Office Network to 200.200.64.139:56100.
What appears to be happening is this:
1. Packet is sent from internal router, arrives at 100.100.251.220, is routed through 100.100.251.217 to the Internet.
2. Packet arrives at 200.200.64.139, DNAT'd to 192.168.0.6.
3. Internal Server replies, sends it to its default gateway (192.168.0.254).
4. Linux server sees 100.100.251.220 as destination, sends to 100.100.251.218 instead of back out of 200.200.64.139. (This is not expected as I'm marking incoming connections at the linux router using CONNMARK/MARK, and connections go in and out of the correct interface when the destination is outside the 100.100.251.216/29 network)
(Note: I don't know if the returning connections are SNAT'd back to 200.200.64.139)
So...
Is there a way around this? i.e. so that the multihoming still works?
It seems that normal routing to the 100.100.251.216/29 network takes precedence over my connection marked rule, that would instruct the packet to be sent out over the correct interface (and maybe therefore SNAT'd correctly too).
Not sure what's going on. Can anyone point me in the correct direction?
Thanks,
Matt
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
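The routing decision Matt describes in step 4 is the kernel walking the `ip rule` list in priority order and doing a longest-prefix lookup in each rule's table until one returns a route. The following is an added simulation of that decision, not code from the post or from LARTC; it uses the post's real addresses (the 100.100.251.216/29 link with gateway .217, and 200.200.64.139 on the second link) and assumes a 200.200.64.0/24 subnet for the second ISP, which the post does not give. It shows two ways a connected route for the /29 can win over a connection-marked rule: the per-ISP table for ISP2 having been populated with main's connected routes, and the fwmark rules being ordered after main. Interface names, the mark values 1/2 and the address 203.0.113.9 are constructed for the example.

```python
import ipaddress

# Constructed model of the multihomed Linux router (192.168.0.254) from the post.
# Real addresses from the post: 100.100.251.216/29 (ISP1 link, gateway .217,
# router's own address .218) and 200.200.64.139 (ISP2 link). The ISP2 subnet
# 200.200.64.0/24 is an ASSUMPTION, used only so the ISP2 table has a connected
# route; interface names and marks are constructed.

ISP1, ISP2, LAN = "eth_isp1", "eth_isp2", "eth_lan"


def net(s):
    return ipaddress.ip_network(s)


# Routing tables as (prefix, egress interface); longest prefix wins inside a table.
TABLES = {
    "main": [
        (net("100.100.251.216/29"), ISP1),  # connected route on the ISP1 link
        (net("200.200.64.0/24"), ISP2),     # assumed connected route on the ISP2 link
        (net("192.168.0.0/24"), LAN),
        (net("0.0.0.0/0"), ISP1),           # default via 100.100.251.217
    ],
    # Per-ISP tables as the LARTC multihoming recipe builds them: only that
    # link's connected route plus a default through that link's gateway.
    "T1": [(net("100.100.251.216/29"), ISP1), (net("0.0.0.0/0"), ISP1)],
    "T2": [(net("200.200.64.0/24"), ISP2), (net("0.0.0.0/0"), ISP2)],
    # A per-ISP table populated by copying main's connected routes (a common
    # shortcut): it now also treats the ISP1 /29 as directly connected.
    "T2_copied": [
        (net("100.100.251.216/29"), ISP1),
        (net("200.200.64.0/24"), ISP2),
        (net("0.0.0.0/0"), ISP2),
    ],
}


def fib_lookup(table, dst):
    """Longest-prefix match in one table; None means 'no route, try the next rule'."""
    best = None
    for prefix, dev in TABLES[table]:
        if dst in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
            best = (prefix, dev)
    return best[1] if best else None


def route(dst, fwmark, rules):
    """Walk the 'ip rule' entries in priority order. Each rule is
    (priority, fwmark selector or None for 'match all', table). A rule whose
    table yields no route is skipped and the next rule is tried, as the kernel does."""
    dst = ipaddress.ip_address(dst)
    for _prio, selector, table in sorted(rules, key=lambda r: r[0]):
        if selector is not None and selector != fwmark:
            continue
        dev = fib_lookup(table, dst)
        if dev is not None:
            return dev
    return None


# Rule sets. Mark 1 = connection entered via ISP1, mark 2 = entered via ISP2
# (what CONNMARK --restore-mark in mangle PREROUTING would put on the reply).
RULES_OK = [(100, 1, "T1"), (101, 2, "T2"), (32766, None, "main")]
RULES_COPIED = [(100, 1, "T1"), (101, 2, "T2_copied"), (32766, None, "main")]
RULES_MAIN_FIRST = [(32766, None, "main"), (32767, 1, "T1"), (32768, 2, "T2")]


def reply_paths(rules):
    """Egress interface for replies of an ISP2-marked connection (mark 2), once to
    the office-network address inside the ISP1 /29 and once to an unrelated
    (constructed) Internet address."""
    return {
        "to_office_100.100.251.220": route("100.100.251.220", 2, rules),
        "to_elsewhere_203.0.113.9": route("203.0.113.9", 2, rules),
    }


if __name__ == "__main__":
    for name, rules in [("clean per-ISP tables", RULES_OK),
                        ("ISP2 table copied from main", RULES_COPIED),
                        ("fwmark rules after main", RULES_MAIN_FIRST)]:
        print(f"{name}: {reply_paths(rules)}")
```

With clean per-ISP tables the marked reply leaves via the ISP2 interface for both destinations. With the copied table, replies to destinations outside the /29 still go out the right interface while replies to 100.100.251.220 follow the connected route, which is exactly the split behaviour described in the post; with the rules misordered, every marked reply follows main. On the real router the same three things are what to inspect: `ip rule show` for the rule order, `ip route show table <name>` for what each per-ISP table contains, and `ip route get 100.100.251.220 mark 2` to see the decision the kernel would make for a reply carrying that mark.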