As suggested on the netfilter list, I'm posting here too:
Current network layout:
                Internet
                    |
         ----100.100.251.217----
         /       (router)      \                    Internet
       |                         |                      |
100.100.251.220           100.100.251.218        200.200.64.139
       |                         |                      |
 192.168.100.x                     \                  /
(Office Network)                     \              /
                                 Linux Multihomed Router
                                      192.168.0.254
                                            |
                                            |
                                       192.168.0.6
                                     Internal Server
I got the above working on our test bed, where users can get to the internal
server 192.168.0.6 via either Internet connection. The problem is getting from
our Office Network to 200.200.64.139:56100
What appears to be happening is this:
1. Packet is sent from internal router, arrives at 100.100.251.220, is routed
through 100.100.251.217 to the Internet.
2. Packet arrives at 200.200.64.139, DNAT'd to 192.168.0.6.
3. Internal Server replies, sends it to its default gateway (192.168.0.254)
4. Linux server sees 100.100.251.220 as destination, sends to 100.100.251.218
instead of back out of 200.200.64.139. (This is not expected as I'm marking
incoming connections at the linux router using CONNMARK/MARK, and connections
go in and out of the correct interface when the destination is outside the
100.100.251.216/29 network)
(Note: I don't know if the returning connections are SNAT'd back to
200.200.64.139)
So...
Is there a way around this? i.e. so that the multihoming still works?
It seems that normal routing to the 100.100.251.216/29 network takes precedence
over my connection-marked rule, which would instruct the packet to be sent out
over the correct interface (and maybe therefore SNAT'd correctly too).
Not sure what's going on. Can anyone point me in the correct direction?
Thanks,
Matt
_______________________________________________
LARTC mailing list
[email protected]
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
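The precedence question raised in the post (a connected /29 route in the main table versus a fwmark rule pointing at a per-link table) comes down to how the Linux routing policy database walks its rules. The following is an added example, not the poster's configuration and not kernel code: a simplified model of that walk, fed with the topology from the diagram, so the reply packet from 192.168.0.6 to 100.100.251.220 can be traced under different rule priorities. Interface names (eth0/eth1/eth2), table names, the mark value, and the netmask and gateway on the 200.200.64.139 link are assumptions; the mark is treated as already restored by CONNMARK.

```python
# Added illustration (not the poster's configuration and not kernel code): a
# simplified model of the Linux routing policy database (RPDB), used to show how
# rule priority decides whether a fwmark rule or the main table's connected route
# picks the outgoing interface for a reply packet. Interface names, table names,
# the mark value and the ISP gateway/netmask on the second link are assumptions.
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class Route:
    prefix: str                   # destination prefix, e.g. "100.100.251.216/29"
    dev: str                      # outgoing interface (hypothetical names)
    via: Optional[str] = None     # next hop; None means directly connected


@dataclass
class Rule:
    priority: int                 # lower number is evaluated first
    table: str
    fwmark: Optional[int] = None  # None matches every packet


def lookup_table(table, dst):
    """Longest-prefix match within one routing table; None if nothing matches."""
    addr = ipaddress.ip_address(dst)
    best, best_len = None, -1
    for r in table:
        net = ipaddress.ip_network(r.prefix)
        if addr in net and net.prefixlen > best_len:
            best, best_len = r, net.prefixlen
    return best


def rpdb_lookup(rules, tables, dst, mark=0):
    """Walk rules in priority order; the first table holding a matching route wins.
    A table with no matching route falls through to the next rule, as in Linux."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.fwmark is not None and rule.fwmark != mark:
            continue
        route = lookup_table(tables[rule.table], dst)
        if route is not None:
            return rule.table, route.dev
    return None, None


# Topology from the post: eth0 = 100.100.251.218 side, eth1 = 200.200.64.139 side,
# eth2 = internal 192.168.0.254. The /24 on eth1 and its gateway are made up.
TABLES = {
    "main": [
        Route("100.100.251.216/29", "eth0"),
        Route("200.200.64.0/24", "eth1"),
        Route("192.168.0.0/24", "eth2"),
        Route("0.0.0.0/0", "eth0", via="100.100.251.217"),
    ],
    "isp2": [                                    # per-link table for the second ISP
        Route("0.0.0.0/0", "eth1", via="200.200.64.1"),
    ],
}
ISP2_MARK = 2                    # mark the post's CONNMARK setup would restore
REPLY_DST = "100.100.251.220"    # office router, inside the /29 that main knows


def rule_after_main():
    """fwmark rule sorted after main: the connected /29 route wins (the post's symptom)."""
    rules = [Rule(32766, "main"), Rule(32767, "isp2", fwmark=ISP2_MARK)]
    return rpdb_lookup(rules, TABLES, REPLY_DST, mark=ISP2_MARK)


def rule_before_main():
    """fwmark rule evaluated before main: the per-link default route is used."""
    rules = [Rule(100, "isp2", fwmark=ISP2_MARK), Rule(32766, "main")]
    return rpdb_lookup(rules, TABLES, REPLY_DST, mark=ISP2_MARK)


def rule_before_main_with_copied_connected_route():
    """Same priority order, but the per-link table also carries the /29 connected
    route (common when connected routes are copied into every table): the more
    specific route again beats the default, and the reply leaves via eth0."""
    tables = {"main": TABLES["main"],
              "isp2": [Route("100.100.251.216/29", "eth0")] + TABLES["isp2"]}
    rules = [Rule(100, "isp2", fwmark=ISP2_MARK), Rule(32766, "main")]
    return rpdb_lookup(rules, tables, REPLY_DST, mark=ISP2_MARK)


if __name__ == "__main__":
    print("rule after main:        ", rule_after_main())
    print("rule before main:       ", rule_before_main())
    print("before main, /29 copied:", rule_before_main_with_copied_connected_route())
```

The model shows two distinct ways the /29 route can win: the fwmark rule sitting after the main table in `ip rule` order, or the per-link table itself containing the connected /29 (a specific route beats a default within the same table). Comparing `ip rule show` and `ip route show table <n>` on the router against these two cases tells which one applies; the model does not cover what SNAT does to the reply, which the post also leaves open.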