On Friday 21 May 2004 10:30 am, O-Zone wrote: > On Thursday 20 May 2004 19:44, Antony Stone wrote: > > The same applies to your FORWARDing rules as well, by the way, so these > > will need changing before the packets can get through your firewall to > > their destination. > > OK ! Thanks a lot...now all works perfeclty. But i still have a problem > with UDP. My DNS server inside DMZ, 192.168.0.2 ($DMZ_SIENA_IP), is mapped > to two public ip: > > 151.8.47.A ($SIENA_IP) > 81.113.95.B ($SIENA2_IP) How do you route reply packets from those two public IPs back to the sender? Netfilter will correctly apply reverse nat rules to reply packets which are in response to original packets matching nat rules in your ruleset - therefore if you map both the above public IPs to a single DMZ private IP, reply packets will be correctly reverse natted to have the appropriate public source IP. However, you may need to make sure that packets with one source IP go via one ISP and those with the other source IP go via the other ISP (I'm assuming here that you have two entirely different public IPs because you have Internet connections from two ISPs?), as both ISPs may drop packets which have source addresses outside the range they have allocated to you (or which have been allocated to the ISP). If you haven't already looked into iproute2 at http://lartc.org now would be a good time to find out about it. Regards, Antony. -- Late in 1972 President Richard Nixon announced that the rate of increase of inflation was decreasing. This was the first time a sitting president used a third derivative to advance his case for re-election. - Hugo Rossi, Notices of the American Mathematical Society Please reply to the list; please don't CC me.
