Currently we have a GB1000 with external address a.b.c.58/29 which talks to the ISP's router at address a.b.c.57/29. Aliases are set up for an FTP server on a.b.c.59/32 and a web server on a.b.c.60/32. Computers on the protected network use NAT and can see the internet. All works OK as expected.
We want to provide a second ISP connection and use the gateway selector. We're trying to test this configuration. The router for the second ISP has address x.y.z.254/29. So we set aliases of x.y.z.249/29 for the firewall, and x.y.z.250, x.y.z.251 for the servers.
Consider a computer on the protected network browsing the internet. If gateway selector has the primary default, packets will leave the firewall showing source address a.b.c.58/29 and replies will be returned to that address. This is a live system so we cannot at present change the default gateway. However, testing from a computer on the protected network shows that an attempt to ping the alternative router on x.y.z.254 fails because the packet continues to show the source address a.b.c.58 - thus the router cannot reply because it has no route to a.b.c.58.
If the gateway selector determines that the secondary gateway should be the default, can anybody confirm that the source address of packets leaving the firewall will change to that of the alias x.y.z.249? There is nothing in the manual which says that the primary and secondary default gateways must be on the same subnet.
I am aware that we could use two external interfaces. However, I foresee a different problem. If a client on the internet tries to access a server on the alias x.y.z.250, what address do the reply packets come from? Is it the alias (x.y.z.250) or the address of the external interface (a.b.c.58)? If it is the latter, and the client is behind his own firewall, that firewall will not allow in the return packets because they don't come from the same IP address that outgoing packets were sent to. Can anybody explain this for me?
Regards,
--
Graham Jones [EMAIL PROTECTED] 01953 717605 or 077 74 894200 www.linnetsol.co.uk
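The two reply-path concerns raised in the post above, modelled as an added example that is not part of the original message and says nothing about what the GB1000 actually does: a router that only knows its own subnet cannot answer a foreign source address, and a stateful firewall on the client side admits only the mirror image of a flow it recorded. All addresses are constructed documentation-range stand-ins for the elided a.b.c.x and x.y.z.x values, and the function and class names are hypothetical.

```python
import ipaddress

# Constructed documentation-range addresses standing in for the post's elided ones.
ISP2_NET = ipaddress.ip_network("198.51.100.248/29")    # x.y.z.248/29
FW_PRIMARY = ipaddress.ip_address("192.0.2.58")         # a.b.c.58
FW_ALIAS2 = ipaddress.ip_address("198.51.100.249")      # x.y.z.249
SERVER_ALIAS2 = ipaddress.ip_address("198.51.100.250")  # x.y.z.250
CLIENT = ipaddress.ip_address("203.0.113.10")           # hypothetical internet client


def router_can_reply(routes, packet_src):
    """A router can answer only if one of its routes covers the packet's source."""
    return any(packet_src in net for net in routes)


class StatefulFirewall:
    """Minimal connection tracker, as assumed for the remote client's firewall."""

    def __init__(self):
        self.flows = set()

    def outbound(self, src, sport, dst, dport):
        # Record the flow so that only its mirror image is admitted later.
        self.flows.add((src, sport, dst, dport))

    def inbound_allowed(self, src, sport, dst, dport):
        return (dst, dport, src, sport) in self.flows


def ping_second_router(source_after_nat):
    # Assumption taken from the post: the second router only knows its own /29.
    return router_can_reply([ISP2_NET], source_after_nat)


def client_accepts_reply(reply_src):
    fw = StatefulFirewall()
    fw.outbound(CLIENT, 40000, SERVER_ALIAS2, 80)  # client connects to the alias
    return fw.inbound_allowed(reply_src, 80, CLIENT, 40000)


if __name__ == "__main__":
    print("ping NATed to primary address:", ping_second_router(FW_PRIMARY))
    print("ping NATed to second alias:   ", ping_second_router(FW_ALIAS2))
    print("reply from server alias:      ", client_accepts_reply(SERVER_ALIAS2))
    print("reply from interface address: ", client_accepts_reply(FW_PRIMARY))
```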
