RE: backroute problem


 



I am not an expert - but how can I use iproute2 routing by source IP?
If I understand the whole thing right, then the webserver doesn't get the
IP of the firewall as source IP - it gets the original IP - so how can
iproute2 then know which packet was coming from the firewall and which
packet was coming from the old gateway?

But another thing comes to mind: wouldn't it be possible to mark the
packets on the firewall - and then tell iproute2 to route marked packets
back to the firewall?

Kind regards,
Wolfi

On Wed, 2003-07-23 at 21:58, George Vieira wrote:
> You have to use iproute2 to route by source IP and not destination (default gateway).
> 
> There is an iptables patch in p-o-m which does some funky iproute stuff too but not sure the name.. have a look
> 
> Thanks,
> ____________________________________________
> George Vieira
> Systems Manager
> georgev@xxxxxxxxxxxxxxxxxxxxxx
> 
> Citadel Computer Systems Pty Ltd
> http://www.citadelcomputer.com.au
> 
> -----Original Message-----
> From: Wolfgang Pichler [mailto:madmin@xxxxxxxxxxxxxxxxx]
> Sent: Thursday, July 24, 2003 6:03 AM
> To: netfilter@xxxxxxxxxxxxxxxxxxx
> Subject: backroute problem
> 
> 
> hi all,
> 
> We have got new IP addresses - the old ones still exist so that I can
> migrate them to the new ones.
> 
> The old IPs are directly assigned to the web/mail server (I know that
> this isn't good - but I didn't have a firewall at that time) - now I have
> a separate firewall which has the new IPs assigned to it.
> 
> Now I'd like to change the DNS entries so that the traffic goes over the
> new IPs (a 4 MBit line ;-) ) - the problem I have is:
> 
> When a packet arrives on the new IP, it gets prerouted by the firewall
> to the webserver - the webserver gets the packet with the original
> source address - now the webserver wants to answer the packet - but
> because of the old IPs the webserver has a default route with the old
> IP and tries to route the packet over the old gateway - and not back to
> the firewall... You know - that can't work.
> 
> I am now searching for a solution for this problem. Can netfilter help
> me with this problem - or do I have to use iproute (I haven't ever done
> anything with iproute) to help me?
> 
> Can I mark the packets so that the webserver can send them back in the
> right direction?
> 
> Kind regards,
> Wolfi
> 
> 
> 
> 
> 
> 
> 
> 
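An added example, not part of the original messages: one way to send replies back through the firewall is to mark connections on the web server itself and route on that mark with iproute2. The addresses, MAC, interface, mark and table number are constructed assumptions, and the sketch assumes the CONNMARK target and the mac match are available on the web server's kernel.

```shell
#!/bin/sh
# Runs on the WEB SERVER, not on the firewall: a netfilter mark is kernel-local
# metadata and is not carried in the packet, so a mark set on the firewall
# never reaches the server. The server has to recognise firewall traffic itself.
# All values below are constructed placeholders (assumptions).
FW_GW="192.0.2.1"            # firewall's address on the server's LAN
FW_MAC="02:00:00:00:00:01"   # firewall's MAC on that LAN
FW_DEV="eth0"                # interface the firewall is reached through
MARK="0x1"                   # connection/packet mark for "came via firewall"
TABLE="100"                  # extra routing table holding the alternate default

# Emit the commands, one per line, so they can be reviewed before use.
backroute_rules() {
    cat <<EOF
iptables -t mangle -A PREROUTING -i $FW_DEV -m mac --mac-source $FW_MAC -m conntrack --ctstate NEW -j CONNMARK --set-mark $MARK
iptables -t mangle -A OUTPUT -j CONNMARK --restore-mark
ip route add default via $FW_GW dev $FW_DEV table $TABLE
ip rule add fwmark $MARK lookup $TABLE
EOF
}
# Line 1: the forwarded packet still carries the client's source IP, so the
#         firewall is identified by its link-layer sender address instead,
#         and the whole connection is tagged on its first packet.
# Line 2: locally generated replies copy the connection mark to the packet,
#         which makes the kernel re-run the routing decision for them.
# Line 3: table 100 contains only a default route via the firewall.
# Line 4: marked packets consult table 100; everything else keeps using the
#         main table and the old gateway.

# Dry run by default; set APPLY=1 (as root) to execute the commands.
if [ "${APPLY:-0}" = "1" ]; then
    backroute_rules | sh -e
else
    backroute_rules
fi
```

If the firewall instead forwards to a dedicated address on the server, the source-IP approach from the reply also works, because the replies then carry that address as their source and `ip rule add from <that address> lookup 100` can replace the marking rules.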




