Re: [Masq] Masquerading with two or more ISPs

[David Ranch]

/* HINT: Search archives @ http://www.indyramp.com/masq/ before posting! 
/* ALSO: Don't quote this header. It makes you look lame :-) */


Hello Bob,

 >With my 2.2.x kernel, there is only one default route.

This isn't a 2.2.x issue.. this is a routing issue.
You can setup other default routes with higher metrics
but if the lowest metric interface is up, it will ALWAYS
be used.


 >if I set my default route to be ISP A, traffic comes in from
 >ISP A and goes out ISP A - no problem.
 >However, traffic coming in ISP B goes out ISP A, where it
 >promptly gets dropped because the ISP sees the source IP address
 >is not their network.

This doesn't sound right.  If the traffic is leaving out of
the NIC for ISP A, it will have the IP address of NIC A.
Your traffic is being dropped for a different reason.


 >I tried setting up a masq box on ISP B, complete with the
 >appropriate IPCHAINS and port forwarding, but am still running
 >into the same problem.

There should be no need for (2) IP MASQ servers.
One machine can do both networks if need be.

 >
 >Here's the setup:
 >
 > ISP A  (1.2.3.4)    (default route)           --------------------
 > ----------------------------------------------+eth0 (1.2.3.4)    |
 >                     -----------------         |  MAIN SERVER     |
 >                     |eth1 (10.0.0.1)+---------+eth1 (10.0.0.2)   |
 > ISP B (20.2.2.2)    | MASQ BOX      |          -------------------
 > --------------------+eth0 (20.2.2.2)|
 >                     -----------------

This doesn't make any sense.


 >What I -think- I want is the masq box to rewrite the destination address from 
a
 >packet coming in from ISP B to 10.0.0.2, -AND- rewrite the source address to
 >10.0.0.1.  That way, the main server will reply back to 10.0.0.1, which will
 >then reverse-masq back out ISP B to the originator.

Basic routing will do this NOW without the need for
(2) MASQ servers.  All you need to be sure of is that
your SMTP server is running on both 1.2.3.4 and 20.2.2.2.

--David
.----------------------------------------------------------------------------.
|  David A. Ranch - Linux/Networking/PC hardware         [EMAIL PROTECTED]  |
!----                                                                    ----!
`----- For more detailed info, see http://www.ecst.csuchico.edu/~dranch -----'

_______________________________________________
Masq maillist  -  [EMAIL PROTECTED]
Admin requests can be handled at http://www.indyramp.com/masq-list/ -- 
THIS INCLUDES UNSUBSCRIBING!
or email to [EMAIL PROTECTED]

PLEASE read the HOWTO and search the archives before posting.
You can start your search at http://www.indyramp.com/masq/
Please keep general linux/unix/pc/internet questions off the list.