[Gllug] routing via a second external IP
Paul Cupis
paul at cupis.co.uk
Wed Aug 13 08:30:59 UTC 2008
John Winters wrote:
> Paul Cupis wrote:
> [snip]
>> No, but if you have two DSL connections (separate, each with their own
>> IP(s)), and you route specific traffic (by IP or port) down the second
>> one (the first being default route), then that traffic will return via
>> the same connection and thus NAT will work just fine.
>
> Yes, but that's not the case being talked about here. The OP asked for
> a solution where the connection is initiated from *outside*. Which
> incoming link is used will therefore be dictated by what IP address the
> outside initiator uses. If that doesn't agree with the way the internal
> routing tables are set up then you'll end up with traffic coming in down
> one link and out down the other. Even this will work only if the target
> internal machine has a real IP address, or all NATing is performed
> entirely behind the merge point of the two links. If NATing is done on
> the links individually (or on one and not the other) then connections
> simply won't work.
Correct.
But....
If the outside parties connect to the second external IP (and therefore
come in on the second pipe), the NAT-ing Linux box will not necessarily
send the traffic back on the same pipe, unless its routing table tells
it to. Otherwise the return traffic from the box will be sent via the
first pipe and the traffic will not work.
So both of the following are required:
* outside agent connects to IP address of second pipe/connection
* routing table on router specifies return traffic via second pipe
Regards,
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
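
The second requirement in the message above (return traffic leaving via the second pipe) can be met with Linux policy routing. The following is an added example, not part of the original post; it goes slightly beyond the text by also covering connections that are NATed through to internal hosts, using a connection mark. The interface names, addresses (RFC 5737 documentation ranges), table number and mark value are all constructed assumptions.

```shell
#!/bin/sh
# Added example: policy routing so replies leave via the link they arrived on.
# All interface names and addresses below are constructed placeholders.
IF2=${IF2:-ppp1}            # second DSL link (assumed name)
IP2=${IP2:-203.0.113.10}    # external IP on the second link
GW2=${GW2:-203.0.113.1}     # next hop on the second link
LAN_IF=${LAN_IF:-eth0}      # internal interface
TABLE=${TABLE:-200}         # routing table number for the second link
MARK=${MARK:-0x2}           # connection/firewall mark for that link

# Print each command; also execute it only when APPLY=1 (needs root).
run() {
    echo "$*"
    if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

second_pipe_rules() {
    # A separate table whose default route is the second link.
    run ip route add default via "$GW2" dev "$IF2" table "$TABLE"
    # Replies generated by the router itself carry IP2 as source address.
    run ip rule add from "$IP2" lookup "$TABLE"
    # Replies from NATed internal hosts still carry a private source when
    # they are routed, so select the table by mark instead of by source.
    run ip rule add fwmark "$MARK" lookup "$TABLE"
    # Mark new connections that arrive on the second link...
    run iptables -t mangle -A PREROUTING -i "$IF2" -m conntrack --ctstate NEW \
        -j CONNMARK --set-mark "$MARK"
    # ...and copy that mark onto reply packets coming back from the LAN.
    run iptables -t mangle -A PREROUTING -i "$LAN_IF" -j CONNMARK --restore-mark
    # Strict reverse-path filtering would drop packets arriving on IF2 whose
    # source routes back via the default link; loose mode (2) keeps a check.
    run sysctl -w "net.ipv4.conf.$IF2.rp_filter=2"
}

second_pipe_rules
```

By default the script only prints the commands; set `APPLY=1` and run as root to apply them.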