I happen to be using an httpd server on system B, and if I look in the logs when the packets come through system A, I see the IP address of system X, so the packet ends up on the default route, which for system B is system A, and that works fine. When I do the same thing, putting the address of system C in the browser, I get nothing in the logs. But I do see the count on the iptables display go up by 1 on system C.
On Tue, 5 Oct 2004 10:37:58 -0400, Kris Van Hees <[EMAIL PROTECTED]> wrote:
I am getting into this discussion a bit late (been out of the country for a while, etc) but I wonder about the following:
X -> A (159.166.1.69) -> B (159.166.4.137)
X -> C (159.166.1.7) -> B (159.166.4.137)
If in this scenario, A and C are forwarding traffic on specific ports to B, then B would see either A or C as the *source* IP address, and thus it would send reply packets to the appropriate IP address (again, A or C, depending on where the traffic came from). A and C should then, using connection tracking and/or explicit NAT in reverse direction, send the replies back to X, coming from A or C depending on who is passing the packets for that case.
So, the scenario would split up as:
X -> A (159.166.1.69)
A (159.166.1.69) -> B (159.166.4.137)
A (159.166.1.69) <- B (159.166.4.137)
X <- A (159.166.1.69)
---------------------------------------------
X -> C (159.166.1.7)
C (159.166.1.7) -> B (159.166.4.137)
C (159.166.1.7) <- B (159.166.4.137)
X <- C (159.166.1.7)
Would that be the mechanism you are looking for? In this, B would only see traffic coming from A and/or C, and respond back to A and/or C. A and C would be responsible for doing the correct address translation to pass things back and forth transparently.
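The split-up exchange above, as an added example that is not part of the original thread: the iptables rule set one front end (A or C) would need so that B sees the front end as the source and conntrack carries the replies back to X. The addresses are the ones from the thread; port 80 is an assumption because B runs httpd, and the `-m conntrack --ctstate` match syntax is the current one (older kernels used `-m state --state` with the same meaning). The script only prints the rules unless run as root with `APPLY=1`.

```shell
#!/bin/sh
# Added example (not from the thread). Each front end runs only its own
# rule set; THIS_FRONT selects which one this host is (defaults to A).

FRONT_A=159.166.1.69
FRONT_C=159.166.1.7
BACK_B=159.166.4.137
PORT=80                      # assumed: the httpd on B

# front_rules FRONT_IP BACK_IP PORT
# Prints the rules for one front end:
#   PREROUTING DNAT  - rewrite the destination from the front end to B
#   POSTROUTING SNAT - rewrite the source to the front end, so B answers
#                      A or C instead of routing the reply straight to X
#   FORWARD          - let the translated flow through; conntrack undoes
#                      both translations on the reply packets automatically
front_rules() {
    front=$1 back=$2 port=$3
    printf '%s\n' \
      "sysctl -w net.ipv4.ip_forward=1" \
      "iptables -t nat -A PREROUTING  -d $front -p tcp --dport $port -j DNAT --to-destination $back:$port" \
      "iptables -t nat -A POSTROUTING -d $back  -p tcp --dport $port -j SNAT --to-source $front" \
      "iptables -A FORWARD -d $back -p tcp --dport $port -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT" \
      "iptables -A FORWARD -s $back -p tcp --sport $port -m conntrack --ctstate ESTABLISHED -j ACCEPT"
}

# check_cmds: what to look at on the front end to confirm the
# X -> front -> B -> front -> X path: forwarding enabled, packet counters
# on the DNAT and SNAT rules, and a conntrack entry showing both tuples.
check_cmds() {
    printf '%s\n' \
      "cat /proc/sys/net/ipv4/ip_forward" \
      "iptables -t nat -L -v -n" \
      "iptables -L FORWARD -v -n" \
      "cat /proc/net/nf_conntrack 2>/dev/null || cat /proc/net/ip_conntrack"
}

# run: apply the commands on stdin when APPLY=1, otherwise just show them.
run() {
    if [ "${APPLY:-0}" = 1 ]; then sh; else cat; fi
}

THIS_FRONT=${THIS_FRONT:-$FRONT_A}
echo "# rules for front end $THIS_FRONT -> $BACK_B:$PORT"
front_rules "$THIS_FRONT" "$BACK_B" "$PORT" | run
echo "# checks:"
check_cmds
```

If only the DNAT counter increments and nothing reaches B's log, the things worth confirming from the check commands are that `ip_forward` is 1, that the SNAT rule's counter rises together with the DNAT one, and that the conntrack entry lists the front end (not X) as the source on the B-facing side; without the SNAT step B would reply to X over its own default route rather than back through the front end that forwarded the request.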
----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
