This is for any iptables and networking gurus out there. I have a server that sits on both the BYU private and public network. The one NIC is on a 10.x.x.x/24 network, and the other is on the 128.187.x.x/24 network. This is, of course, a bit of a problem, because there can be only one default route. Now one would think, then, that we could trivially add static routes, keeping 10.x traffic on the one NIC, and then everything else on the 128.187 NIC. But the problem is that inside of BYU, computers that are also on the 10.x network can reach both 10.x addresses *and* 128.187. addresses. So in the worst case, traffic from a fellow 10.x node will come in the 10.x NIC and return traffic will go out the 128.x NIC, which I don't think is going to really work, especially if the originating computer is running a firewall, since connection tracking just isn't going to work, and the packet won't be recognized as being a reply.
So my question is, can I use iptables to mangle the packet to mark it somehow, and then have iptables somehow track the connection and make sure that the return packets flow out the right interface? How would I make sure the packets are destined for the right gateway address?

If this just can't be done, I'll probably set up a tiny virtual machine (yay KVM!) and just translate certain ports (http(s), for example) from the public address into the private address.

If I were designing the BYU network, I would have made public addresses translate to private addresses, and split the DNS. That way the world would see servers on the 128.187. addresses, but the same servers from within the BYU network would see the 10.x addresses. That makes routing a lot more sane.
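One way to get the symmetric-return behaviour asked about above, as an added example that is not from the original post: Linux policy routing (`ip rule` plus a second routing table) sends replies sourced from the public address out the public gateway, and iptables CONNMARK lets conntrack remember which NIC a connection arrived on so the same table is chosen by fwmark. The interface names, addresses, gateways, table number and mark value are constructed placeholders; by default the script only prints the commands it would run.

```shell
#!/bin/sh
# Dual-homed host: make replies leave via the NIC (and gateway) the request came in on.
# Constructed example values; replace with the real interfaces, addresses and gateways.
PRIV_IF=eth0; PRIV_NET=10.0.1.0/24;    PRIV_IP=10.0.1.5;    PRIV_GW=10.0.1.1
PUB_IF=eth1;  PUB_NET=128.187.1.0/24;  PUB_IP=128.187.1.5;  PUB_GW=128.187.1.1
PUB_TABLE=100   # extra routing table for the public side
PUB_MARK=2      # fwmark for connections that arrived on the public NIC

# Dry run unless APPLY=1: print each command instead of executing it (no root needed).
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi
}

setup_policy_routing() {
    # 1. Main table: private subnet via the private NIC, default route via the public gateway.
    run ip route replace "$PRIV_NET" dev "$PRIV_IF" src "$PRIV_IP"
    run ip route replace default via "$PUB_GW" dev "$PUB_IF"
    # 2. Public table: used only for traffic that belongs to the public side.
    run ip route replace "$PUB_NET" dev "$PUB_IF" src "$PUB_IP" table "$PUB_TABLE"
    run ip route replace default via "$PUB_GW" dev "$PUB_IF" table "$PUB_TABLE"
    # 3. Replies from a local socket carry the public address as source: route them by source.
    run ip rule add from "$PUB_IP" lookup "$PUB_TABLE" priority 100
    # 4. Same table for packets carrying the connection mark (covers flows the source rule misses).
    run ip rule add fwmark "$PUB_MARK" lookup "$PUB_TABLE" priority 101
    # 5. Record the ingress NIC in conntrack when a connection starts on the public side ...
    run iptables -t mangle -A PREROUTING -i "$PUB_IF" -m conntrack --ctstate NEW \
        -j CONNMARK --set-mark "$PUB_MARK"
    # ... and copy that mark onto every later packet of the connection, locally generated replies included.
    run iptables -t mangle -A OUTPUT -j CONNMARK --restore-mark
    run iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
    # 6. Strict reverse-path filtering would drop a 10.x-sourced request arriving on the public NIC
    #    (its best route back is the private NIC); loose mode (2) accepts it.
    run sysctl -w net.ipv4.conf."$PUB_IF".rp_filter=2
    run sysctl -w net.ipv4.conf."$PRIV_IF".rp_filter=2
}

# Prints the plan; run with APPLY=1 to execute it as root.
setup_policy_routing
```

Check the result with `ip rule show`, `ip route show table 100` and `conntrack -L` (or `/proc/net/nf_conntrack`) to confirm that connections arriving on the public NIC carry mark 2.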
