<div dir="ltr"><br><br><div class="gmail_quote">On Mon, Aug 20, 2012 at 10:03 AM, David Ronkin <span dir="ltr"><<a href="mailto:dronkin@gmail.com" target="_blank">dronkin@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 .8ex;border-left:1px #ccc solid;border-right:1px #ccc solid;padding-left:1ex;padding-right:1ex">
<div dir="rtl"><div dir="ltr">We had similar configuration & issue when switched from old sisco router to new fortigate.</div><div dir="ltr">Fixed it by a smart support guy totally by chaging routing rules on the router.</div>
</div></blockquote><div>it could work by the second router doing an inverse NAT, i am not sure it is possible, but there it has a lot of restrictions (i.e. can't generate outbound connection ...) <br></div><blockquote class="gmail_quote" style="margin:0 .8ex;border-left:1px #ccc solid;border-right:1px #ccc solid;padding-left:1ex;padding-right:1ex">
<div dir="rtl">
<div dir="ltr"><br></div><div dir="ltr">Recheck the routing rules on your setup, don't think you need to dive down to the kernel.</div></div></blockquote><div>it's not diving to the kernel, it is just a few "ip" commands. <br>
</div><blockquote class="gmail_quote" style="margin:0 .8ex;border-left:1px #ccc solid;border-right:1px #ccc solid;padding-left:1ex;padding-right:1ex"><div dir="rtl"><div dir="ltr"><br></div><div dir="ltr">David</div><div dir="ltr">
<br></div><div><br>
</div><div><br>-- <br><div dir="rtl">בברכה, <br>דוד רונקין<br><div>נא בקרו בבלוג שלי: <a href="http://dronkin.blogspot.com/" target="_blank">http://dronkin.blogspot.com</a> <br>
</div><div><br></div></div></div><br><br><div class="gmail_quote"><div dir="ltr">2012/8/20 Erez D <span dir="ltr"><<a href="mailto:erez0001@gmail.com" target="_blank">erez0001@gmail.com</a>></span></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div><div class="h5">
<div dir="ltr">hello<br><br><br>i have a server with two eth ports, each connects to a different router, and then to the internet.<br>i want all normal trafic to the internet to go via router 1 (eth0), so i added a default route to it<br>
i want connections TCP coming from all over the internet to the second router(eth1), to be accepted.<br><br>the problem is that altough connections are coming from eth1, due to the default route, they are answered from eth0, which means a tcp connection can not be established.<br>
i know that linux has a conntrack module, can i use it to tell the kernel to answer on the same eth it got SYN from ?<br></div>
<br></div></div>_______________________________________________<br>
Linux-il mailing list<br>
<a href="mailto:Linux-il@cs.huji.ac.il" target="_blank">Linux-il@cs.huji.ac.il</a><br>
<a href="http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il" target="_blank">http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il</a><br>
<br></blockquote></div><br><br clear="all"><div><br></div><div dir="rtl"><div><br></div></div><br>
</div>
</blockquote></div><br></div>