Tom Eastep wrote:
> CW Möller wrote:
>> For a time I had SSH open on the firewall, and I could connect to it
>> via SAIX, so it seems to me that the return routing works for TCP if
>> not for UDP.
>
> You are correct in a sense. With TCP, each connection creates a separate
> socket; with UDP, there is a single server socket. I'm guessing that is
> where the problem lies. Once a connection has occurred through one ISP,
> the server always responds with that server's IP address as the source.

That last bit is somewhat garbled. Hopefully this is clearer:

    Once a connection has occurred through one ISP, the OpenVPN
    server always responds with the source IP address being the
    address of the interface to that ISP. That happens even when the
    request was received through another ISP.

You might also notice that Samba creates a separate UDP socket for each
interface that it is servicing -- there is obviously a reason that it
does that.

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ [email protected]
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
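
The difference between a single UDP server socket and one socket per address can be reproduced on one Linux host. This is an added example, not part of the message above and not OpenVPN, Samba or Shorewall code: 127.0.0.1 and 127.0.0.2 are constructed stand-ins for the two ISP-facing addresses, and all function names are hypothetical.

```python
import select
import socket

# Constructed stand-ins for the two ISP-facing addresses. Assumes Linux, where
# every address in 127.0.0.0/8 is local and 127.0.0.1 is the preferred source.
ADDR_A, ADDR_B = "127.0.0.1", "127.0.0.2"

def bind_udp(addr, port=0):
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind((addr, port))
    return s

def wildcard_server():
    """One socket on 0.0.0.0: the kernel picks the reply source by route lookup."""
    return [bind_udp("0.0.0.0")]

def per_address_server(addrs):
    """One socket per local address on a shared port (the per-interface layout)."""
    first = bind_udp(addrs[0])
    port = first.getsockname()[1]
    return [first] + [bind_udp(a, port) for a in addrs[1:]]

def reply_source(server_socks, target):
    """Send a request to `target`; return the source IP the reply arrives from."""
    port = server_socks[0].getsockname()[1]
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as client:
        client.settimeout(2.0)
        client.sendto(b"ping", (target, port))
        ready, _, _ = select.select(server_socks, [], [], 2.0)
        if not ready:
            raise TimeoutError("request never reached a server socket")
        _, peer = ready[0].recvfrom(64)
        # A socket bound to one address replies from it; a wildcard socket
        # leaves the source address to the routing decision for `peer`.
        ready[0].sendto(b"pong", peer)
        _, (src_ip, _) = client.recvfrom(64)
        return src_ip

def demo():
    """Return (reply source via wildcard socket, via per-address sockets)."""
    wild, per = wildcard_server(), per_address_server([ADDR_A, ADDR_B])
    try:
        return reply_source(wild, ADDR_B), reply_source(per, ADDR_B)
    finally:
        for s in wild + per:
            s.close()

if __name__ == "__main__":
    print("wildcard: %s, per-address: %s" % demo())
```

Both requests are sent to 127.0.0.2; only the per-address layout answers from 127.0.0.2, which is what a client that checks the reply's source address expects.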
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
