> -----Original Message-----
> From: mouss [mailto:[EMAIL PROTECTED]]
> Sent: Friday, 20 October 2000 10:34 PM
> To: Ben Nagy; David Loysen
> Cc: '[EMAIL PROTECTED]'
> Subject: RE: Dual firewall question
> 
> 
> At 09:42 20/10/00 +0930, Ben Nagy wrote:
> >[snip]
> 
> that's still hard to get. let's assume that the web server has the addresses
> 10.1.0.80 and 10.2.0.80. let's say the first is used when ISP1 router is
> concerned, and the second with ISP2 router.
> 
> when a TCP packet from 1.2.3.4 is received by the web server, the webserver
> needs to send an answer that uses ISP1 or ISP2 routers, depending on the
> source address.
> in other words, if the server sends a packet from 10.1.0.80 to 1.2.3.4, it
> should go to ISP1 router. on the other hand, if the packet is from 10.2.0.80
> to 1.2.3.4, it should go through ISP2 router.
> For this to work, routing should be based on the packet source (10.1.* or
> 10.2.*), which is not a standard feature. routes are a function of the
> destination, not the source.

You've got yourself muddled somewhere. When the packet is heading from the
WWW server to the NAT'ed address of the outside host, 10.2.0.80 (in your
example) _is_ the destination.

Ah! I see what you've done - I'm talking here about NATing the _source_ of
the packet, right? In other words say the external client is 1.2.3.4, OK?
And say that this request has come in from ISP2. In the config I'm talking
about the address of the external client (1.2.3.4) is NAT'ed to 10.2.80.0.
This means that when the server responds normal routing will take care of
the rest - the router knows to reach 10.2.x.x through ISP2.

Hope that makes more sense - drop me a line OOB if it doesn't.

> 
> regards,
> mouss
> 

Cheers,

--
Ben Nagy
Network Consultant, Volante Solutions
PGP Key ID: 0x1A86E304  Mobile: +61 414 411 520  
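
The scheme described in the reply above, modelled as an added example that is not part of the original thread: each ISP-facing firewall source-NATs inbound clients into its own pool, so the reply is steered by an ordinary destination lookup. The pool prefixes follow the thread's 10.1.x.x / 10.2.x.x convention; the class and function names and the pool sizes are assumptions.

```python
import ipaddress

# Constructed topology: one NAT pool per ISP link (prefix lengths are assumed).
POOLS = {"ISP1": ipaddress.ip_network("10.1.0.0/16"),
         "ISP2": ipaddress.ip_network("10.2.0.0/16")}


class SourceNatGateway:
    """Firewall on one ISP link: rewrites the client source on the way in."""

    def __init__(self, name):
        self._free = iter(POOLS[name].hosts())  # unused pool addresses
        self._by_client = {}                    # real client -> pool address
        self._by_pool = {}                      # pool address -> real client

    def inbound(self, client_ip):
        """Return the pool address the server will see as the packet source."""
        client = ipaddress.ip_address(client_ip)
        if client not in self._by_client:
            mapped = next(self._free)
            self._by_client[client] = mapped
            self._by_pool[mapped] = client
        return self._by_client[client]

    def outbound(self, dst_ip):
        """Undo the NAT on a reply; None means no mapping, so drop it."""
        return self._by_pool.get(ipaddress.ip_address(dst_ip))


def route(dst_ip):
    """Ordinary destination-based lookup on the inside router."""
    dst = ipaddress.ip_address(dst_ip)
    return next((name for name, pool in POOLS.items() if dst in pool), None)


def round_trip(gateways, ingress, client_ip):
    """Request arrives via `ingress`; return (egress link, restored client)."""
    seen_src = gateways[ingress].inbound(client_ip)
    egress = route(seen_src)        # the reply is addressed to seen_src
    return egress, str(gateways[egress].outbound(seen_src))


if __name__ == "__main__":
    gws = {name: SourceNatGateway(name) for name in POOLS}
    print(round_trip(gws, "ISP2", "1.2.3.4"))
    print(round_trip(gws, "ISP1", "1.2.3.4"))
```

In this arrangement the server only ever sees pool addresses, so its access logs have to be correlated with the firewall's NAT table to recover the real client IP.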