"Javi" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) om...
> Hi all,
>
> The situation:
> I have a Red Hat 9 linux box with 3 network interfaces, one to the LAN
> and the other 2 connected to the internet. One of them is connected to
> a DSL Router in MONO mode (the linux ethernet has the public IP) while
> the other is connected to a ISDN Router in MULTIhost mode (the router
> has the public IP and a private IP to link with the linux box)
>
> (200.XX.XX.XX) ISDN (192.168.1.1) -- | RH 9 |
> | LINUX |(10.0.0.1) --- LAN
> (10.0.0.X)
> DSL (100.XX.XX.10) ---| BOX |
>
> I have domainA associated with the ISDN public IP (let's say
> 200.XX.XX.XX) and domainB associated with the DSL IP (100.XX.XX.10).
> Both domains are redirected to the same web server (10.0.0.3) on the
> LAN.
> We want the LAN clients to surf the Internet with the DSL, so the DSL
> is the default route.
> So, the routing table is like this:
>
> 10.0.0.0 0.0.0.0 255.255.255.0 U 0 0
> 0 eth1
> 192.168.1.0 192.168.1.1 255.255.255.0 UG 0 0
> 0 eth2
> 100.XX.XX.0 0.0.0.0 255.255.255.0 U 0 0
> 0 eth0
> 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0
> 0 lo
> 0.0.0.0 100.XX.XX.1 0.0.0.0 UG 0 0
> 0 eth0
>
> The problem:
>
> DomainB (the DSL-associated one) works fine, but domainA does not work
> at all. If we change the default route to the ISDN Router, the
> situation is teh opposite: domainA works but domainB doesn't. It seems
> that only the domain associated with the default route works, cause
> all packets return back to the client through the default router
> instead of the router they came in...
>
> The question:
> Is my configuration possible? Does anyone know how can I make all
> theese IPs to work fine together? DomainA -> ISDN, DomainB -> DSL and
> LAN clients going outside through the DSL router?
Spoofing is the sending of packets with a source address that you dont
own.
The problem is the ISP's are preventing spoofing ( which is your sending of
packets to them with
someone else's Ip address as the source). ISP A doesnt know you have the Ip
address from ISP B.
The network routers are configured to prevent spoof packets to secure their
network, and to secure your systems too.
When someone makes a connection to you via ISP A, but the return packets go
to ISP B, actually the tcp/ip session requires the packets be labelled with
the IP address that you get from ISP A. ( The way TCP/IP stack identify
packets is by source address, target address, port number and packet
number.)
And so your testing of switching the default route is merely testing the
ISP's antispoofing firewall rules.
The thing is you need two default routes, with one route done with 'routing
based on source address'.
The first is more specific, You need to add the 'source' parameter when
adding the route.
you probably put this command into rc.local or something manually.
You need to add a route like this (I will say in it plain english, because I
dont know the actual syntax - just look up the man page for 'route' )
Add a route , where the source address is blah (hopefully its static ip
address!), where the destination is 0.0.0.0 send it via the isdn interface.
and just leave the standard default route to go via the dsl connection.
>
> I hope you have understood me despite my english level..
> Thanks in advance...
|
Similar Threads
Linear Mode
