advanced routing q

Erez D erez0001 at gmail.com
Mon Aug 20 10:30:18 IDT 2012


On Mon, Aug 20, 2012 at 10:03 AM, David Ronkin <dronkin at gmail.com> wrote:

> We had a similar configuration & issue when we switched from an old Cisco
> router to a new FortiGate.
> It was fixed by a smart support guy, totally by changing routing rules on
> the router.
>
It could work by the second router doing an inverse NAT. I am not sure it
is possible, but there it has a lot of restrictions (i.e. can't generate
outbound connections ...)

>
> Recheck the routing rules on your setup, don't think you need to dive down
> to the kernel.
>
It's not diving to the kernel, it is just a few "ip" commands.

>
> David
>
>
>
> --
> Regards,
> David Ronkin
> Please visit my blog: http://dronkin.blogspot.com
>
>
>
> 2012/8/20 Erez D <erez0001 at gmail.com>
>
>> Hello,
>>
>>
>> I have a server with two eth ports, each connected to a different router,
>> and then to the internet.
>> I want all normal traffic to the internet to go via router 1 (eth0), so I
>> added a default route to it.
>> I want TCP connections coming from all over the internet to the second
>> router (eth1) to be accepted.
>>
>> The problem is that although connections are coming from eth1, due to the
>> default route, they are answered from eth0, which means a TCP connection
>> cannot be established.
>> I know that Linux has a conntrack module. Can I use it to tell the kernel
>> to answer on the same eth it got the SYN from?
>>
>
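
The kind of "ip" commands referred to above, as an added example that is not part of the original message: source-based policy routing, so that replies sent from the eth1 address leave through the second router while the main default route stays on eth0. The function name `policy_route_cmds`, the addresses (RFC 5737 documentation ranges), table number 102 and priority 1000 are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Addresses are constructed (RFC 5737 documentation ranges);
# table 102 and rule priority 1000 are arbitrary choices.

# Print the iproute2 commands that make packets sourced from ADDR leave via
# DEV/GW instead of following the main table's default route.
policy_route_cmds() {
    if [ $# -ne 5 ]; then
        echo "usage: policy_route_cmds DEV ADDR NET GW TABLE" >&2
        return 2
    fi
    dev=$1 addr=$2 net=$3 gw=$4 table=$5
    # Tables 0 and 253-255 (default, main, local) are reserved; this example
    # keeps to the classic 1-252 range and rejects names such as "main".
    case $table in
        ''|*[!0-9]*) echo "table must be a number" >&2; return 1 ;;
    esac
    if [ "$table" -lt 1 ] || [ "$table" -gt 252 ]; then
        echo "table $table is reserved or out of range" >&2
        return 1
    fi
    # 1) connected network in the extra table, 2) its own default route,
    # 3) rule selecting that table by source address,
    # 4) check: the reported route should name DEV and GW, not eth0.
    cat <<EOF
ip route replace $net dev $dev src $addr table $table
ip route replace default via $gw dev $dev table $table
ip rule add from $addr lookup $table priority 1000
ip route get 203.0.113.7 from $addr
EOF
}

# Dry run for the second uplink (eth1); nothing is changed on the host.
# To apply, pipe the output to "sh -e" as root.
policy_route_cmds eth1 198.51.100.10 198.51.100.0/24 198.51.100.1 102
```

These settings do not survive a reboot, so once verified they belong in the distribution's network configuration.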