On Saturday 24 January 2004 3:35 am, Sandy T. Santos wrote:

> our company has two internet links from different isp's. we then use both
> of these to host the company's webserver. what i want is that the
> webserver may be accessible by coming from my isp1 link or my isp2 link. i
> know that i need to set up my dns to have two ip addresses that points to
> my linux box and then DNAT that connection towards my webserver. what i
> don't know is what's the iptables script gonna look like for the SNAT
> reply. how would i be able to determine that the request that came in to
> my webserver originated from my isp1 or isp2 link so that the reply would
> be SNAT'ed to that interface?

I suggest you give your webserver two internal addresses on the same interface (e.g. 192.168.1.100 and 192.168.1.101, or whatever fits with your addressing scheme), and DNAT one public address to the first, and the other public address to the second.

Your web server applications should be able to listen on multiple addresses, and it will reply from the address which was contacted, therefore the automatic SNAT rules which netfilter will do for you behind the scenes will work. No need for manual SNAT rules.

Regards,

Antony.

-- 
My New Year's resolution is not to make any resolutions I can't keep. I'm wondering whether I've failed already.

Please reply to the list; please don't CC me.
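The layout suggested in the reply above, written out as an added example that is not part of the original thread: one DNAT rule per public address, each pointing at its own internal address, with no manual SNAT. The public addresses, interface names, gateways and routing table numbers are constructed placeholders, and the per-link `ip rule` lines are an added assumption for a gateway whose main default route uses only one ISP.

```shell
#!/bin/sh
# Added example: prints the commands instead of running them, so it can be
# reviewed first; apply with `emit_all | sh` as root on the gateway.
WEB1=192.168.1.100   # internal addresses taken from the reply above
WEB2=192.168.1.101

# emit_link PUBLIC_IP WAN_IF GATEWAY INTERNAL_IP TABLE_ID
# (all arguments except the internal addresses are hypothetical placeholders)
emit_link() {
    pub=$1; wan=$2; gw=$3; int=$4; tbl=$5
    # Refuse anything that is not digits and dots before building commands.
    for a in "$pub" "$gw" "$int"; do
        case $a in
            *[!0-9.]*|'') echo "bad address: $a" >&2; return 1 ;;
        esac
    done
    # Inbound: rewrite the public destination to this link's internal address.
    echo "iptables -t nat -A PREROUTING -i $wan -d $pub -p tcp --dport 80 -j DNAT --to-destination $int:80"
    echo "iptables -A FORWARD -i $wan -d $int -p tcp --dport 80 -j ACCEPT"
    # Assumption: replies are routed while they still carry the internal
    # source address (conntrack restores the public source afterwards), so a
    # source-based rule sends each reply back out of the link it arrived on.
    echo "ip route add default via $gw dev $wan table $tbl"
    echo "ip rule add from $int table $tbl"
}

emit_all() {
    emit_link 203.0.113.10  eth0 203.0.113.1  "$WEB1" 101 &&
    emit_link 198.51.100.10 eth1 198.51.100.1 "$WEB2" 102 &&
    # Return traffic of tracked connections; no manual SNAT rule is needed
    # because netfilter reverses the DNAT mapping for replies on its own.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

emit_all
```

After applying, `conntrack -L` (or `/proc/net/nf_conntrack`) shows each tracked connection with both its public destination and the internal address it was mapped to, which confirms which link a request arrived on.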