
Thread: RE: Firewall/iproute query




RE: Firewall/iproute query
United Kingdom
2007-04-17 10:13:08
Thanks Joshua,

Your links led me to the right place eventually. The key thing I was missing was the file

/proc/sys/net/ipv4/conf/eth1/rp_filter

which needed a 0 echo'ed into it.

All working now !

Alan

Alan Wilson | Icetrak Ltd | v 0845 456 0561 | f: 0870 889 5005 | w: http://www.icetrak.com/

-----Original Message-----
From: redhat-list-bouncesredhat.com [mailto:redhat-list-bouncesredhat.com] On Behalf Of redhat-list-requestredhat.com
Sent: 02 April 2007 17:00
To: redhat-listredhat.com
Subject: redhat-list Digest, Vol 38, Issue 2

------------------------------

Message: 3
Date: Mon, 2 Apr 2007 11:58:30 +0100
From: "Alan Wilson, Icetrak" <awilsonicetrak.net>
Subject: Firewall/iproute query
To: <redhat-listredhat.com>
Message-ID: <065701c77515$dcafcbe0$6f2aa8c0icetrakw.icetrak.net>
Content-Type: text/plain;	charset="us-ascii"

Hi,

Has anyone done something like this before? I've checked the Netfilter/iptables FAQs and the iproute2/policy routing documentation, but no-one seems to have done anything exactly like this before.

I have a managed server on the internet, IP address a.b.c.d, and it needs to connect to another managed server, somewhere else on the internet, with public address w.x.y.z. The server w.x.y.z is behind a router and firewall (F), running Fedora 6. All well and good, I can connect on the ports I require.

However, to provide some redundancy, I've got two different ISPs coming into the firewall F, call them A and B. I've put several network cards in w.x.y.z, configured one for ISP A and ISP B, and I can connect via ISP A to w.x.y.z when I make the default route to the appropriate network A, and similarly with connection via ISP B when the default route from w.x.y.z is via the appropriate network B.

What I'd like to do is NAT or smart policy routing so that I can route to server w.x.y.z via an ISP of choice from a.b.c.d without restarting networks, adding/removing routes etc. Ideally, I'd like to load balance so, for example, traffic for port xxxx goes via ISP A and traffic for port yyyy goes via ISP B in real time. Or even the same port on a round-robin basis.

When we try this and do some packet analysis, it seems that with ISP A as the default gateway on server w.x.y.z, packets sent via ISP B are received at w.x.y.z, but the replies destined for a.b.c.d are routed to ISP A.

Any thoughts? Is this even possible?

Hope the description makes sense.

Thanks,

Alan


Alan Wilson | Icetrak Ltd | v 0845 456 0561 | f: 0870 889 5005 | w: http://www.icetrak.com/




------------------------------

Message: 4
Date: Mon, 2 Apr 2007 06:53:01 -0600
From: "Joshua Gimer" <jgimergmail.com>
Subject: Re: Firewall/iproute query
To: "General Red Hat Linux discussion list" <redhat-listredhat.com>
Message-ID: <cf939bff0704020553g3589c4cdn4245c4fe7f9cdd47mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

http://www.linux.com.lb/wiki/index.pl?node=Load%20Balancing%20Across%20Multiple%20Links

You would need to do some more iproute2 magic to setup two default gateways, but it is easy enough.

http://www.clintoneast.com/articles/multihomed.php

-- 
Thx
Joshua Gimer



-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-requestredhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
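
Added example, not part of the thread or written by either poster: a simplified Python model of the reverse-path source check that the rp_filter file controls, applied to the two-ISP topology from the original question. The addresses are constructed documentation-range stand-ins for a.b.c.d and the two ISP networks, eth0 as the ISP A interface is an assumption, and the model consults a single routing table only.

```python
import ipaddress

# Constructed stand-ins for the thread's placeholders (documentation ranges).
REMOTE = "203.0.113.10"            # a.b.c.d, the remote managed server
# Main routing table on w.x.y.z as (prefix, outgoing interface).
ROUTES = [
    ("192.0.2.0/24", "eth0"),      # network towards ISP A (eth0 is assumed)
    ("198.51.100.0/24", "eth1"),   # network towards ISP B
    ("0.0.0.0/0", "eth0"),         # default route via ISP A
]

def lookup(routes, addr):
    """Longest-prefix match: return the outgoing interface, or None."""
    ip = ipaddress.ip_address(addr)
    best = None
    for prefix, dev in routes:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, dev)
    return best[1] if best else None

def rp_filter_accepts(routes, src, in_dev, mode):
    """Simplified reverse-path check for a packet from src arriving on in_dev.

    mode 0: no source validation
    mode 1: strict, the best route back to src must leave via in_dev
    mode 2: loose, src must be reachable via some interface
    """
    if mode == 0:
        return True
    back = lookup(routes, src)
    if back is None:
        return False               # no route back to the claimed source
    return mode == 2 or back == in_dev

def verdicts(routes, src, in_dev):
    """Accept/drop verdict for each rp_filter mode."""
    return {m: rp_filter_accepts(routes, src, in_dev, m) for m in (0, 1, 2)}

if __name__ == "__main__":
    # Traffic from the remote server arriving over each ISP link.
    for dev in ("eth0", "eth1"):
        print(dev, verdicts(ROUTES, REMOTE, dev))
    # Without a default route, loose mode still rejects an unroutable source.
    print("no default:", verdicts(ROUTES[:2], REMOTE, "eth1"))
```

Mode 0 accepts any source address on that interface, so on kernels that support loose mode (2) it keeps some source validation while still allowing the asymmetric path.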
