On Wed, Dec 06, 2000 at 08:19:46PM +1100, Crossfire wrote:
I'm a bit confused by your reply.
> With the default going to link2, any traffic this machine routes will go out
> through link2 by default. Also, any connections initiated by this machine
> will go out link2 unless specifically bound to link1.
With the default going to link2, any traffic this machine sends will go out
through link2 unless a more specific route exists.
> Of course, replies to
> these requests will also come in through link2. This is probably not what
> you desire.
You can't control what interface you receive packets from.
> Uh, no. Replies are *always* sent out the interface the original packet
> arrived for.
No, they're not; what interface they come from is irrelevant. The
reply goes wherever the routing table tells it to go based on
the destination IP address. (*)
The interface the packet was received from is used as the source
address. But normally the source address isn't used for routing
decisions, only the destination IP address.
> > Is there a way to tell linux to source outgoing packets with the address
> > of the link that it came in from?
>
> I think you mean: s/from/for/
My English is bad, but from makes more sense to me.
>
> This always happens with TCP anyway [if it didn't, things would break.
> fast.]. With UDP, it's up to the program to decide how to behave.
No, TCP and UDP have nothing to do with routing (*). IP is used for
routing; the kernel makes a decision about what interface to send
the packet based on the packet's destination address and the
routing table.
> [Usually
> they behave well and reply on the interface they were contacted on, since
> clients would probably go "huh?!" if they didn't].
Actually it works fine, and that's how satellite links work.
They receive packets on the satellite interface and send
them on the land line interface. It works fine.
> In fact... if this didn't work, our NAT rig at work wouldn't work at all.
?
> > Can ipchains help?
>
> No.
It could help.
> > Any help or suggestions on this matter?
>
> You could possibly use Policy Routing to help. I'm not sure which tool you
> use to set up policy routes - I've never had to do this myself to date.
* policy routing will make routing decisions not just based on the
destination IP address, but also the source address, etc. And using
ipmasqadm you can route based on protocol, port, type of service, etc.
Basically, if you can nail the packets you want with an ipmasqadm rule
you can route them wherever you want.
--
chesty
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug
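
An added illustration, not part of the original message or of any tool mentioned in it: a small Python model of the lookup the thread discusses, showing a reply leaving via link2 under destination-only routing and via link1 once a source-based policy rule exists. All addresses, the table name `via_link1` and the function names are constructed for the example.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match on the destination only; returns the output interface."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, iface in table:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None

def route(rules, tables, src, dst):
    """Policy routing: the first rule whose source prefix matches selects a table;
    if that table has no route for dst, fall through to the next rule."""
    src = ipaddress.ip_address(src)
    for src_prefix, table_name in rules:
        if src in ipaddress.ip_network(src_prefix):
            iface = lookup(tables[table_name], dst)
            if iface is not None:
                return iface
    return None

# Constructed setup: link1 has 192.0.2.10, link2 has 198.51.100.10,
# and the default route points out link2.
TABLES = {
    "main": [("192.0.2.0/24", "link1"),
             ("198.51.100.0/24", "link2"),
             ("0.0.0.0/0", "link2")],
    "via_link1": [("0.0.0.0/0", "link1")],  # hypothetical extra table
}
DEST_ONLY = [("0.0.0.0/0", "main")]  # every source uses the main table
SOURCE_POLICY = [("192.0.2.10/32", "via_link1"), ("0.0.0.0/0", "main")]

def reply_interface(rules, local_addr, client):
    """Interface used for a reply sourced from local_addr back to client."""
    return route(rules, TABLES, local_addr, client)

if __name__ == "__main__":
    client = "203.0.113.5"  # constructed remote host that contacted link1's address
    print("destination-only:", reply_interface(DEST_ONLY, "192.0.2.10", client))
    print("source policy:   ", reply_interface(SOURCE_POLICY, "192.0.2.10", client))
```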