Routing by source?

 
 
Pascal Nobus (Guest)
08-20-2003, 01:50 AM
A question, don't know if it's possible. Looked in the HOWTOs but didn't
find anything.


Situation

             Internet
            |        |
         link A    link B
            |        |
    firewall-A      firewall-B
    192.168.0.1     192.168.1.1
            |        |
             \      /
              \    /
              |    |
           eth0    eth1
    192.168.0.2    192.168.1.2
             webserver



The webserver is configured with both gateways
0.0.0.0 gw 192.168.0.1 metric 0
0.0.0.0 gw 192.168.1.1 metric 1

So normal traffic goes through link A,
if A goes down, normal traffic goes through link B.


When both links are up, someone from the outside can go directly to eth1
(through link-B), but the response will return by link-A.
This works for most things (http/pop/ssh etc.)
But passive FTP doesn't work.

In the firewalls the module ip_conntrack_ftp is loaded, so in a normal
situation the firewall knows what port to let open. Only in this case the
traffic needed has gone out by the other firewall.
So after the initial 'handshake' the port number is sent to the
internet-client (by the default gateway/firewall-A), and the client opens
this new port to eth1, but this is of course blocked by firewall-B.


Solution:
If traffic is coming in by eth1, it should go out by eth1 and gateway-B (not
the default gateway)

Is this possible?


or do I need another solution?


BTW.
if the webserver is a windows-server (with WU-FTP) it still works.
Seems as if this machine also tries the other connection if the ftp-connection
isn't made.... (or it blasts out the request to all its connections by default
:-))



I also had to punch open the firewall for connections to normal ports NOT
syncing and not established already. (same problem)


Hope someone gives me a clue where to look (or tells me that's
impossible)


best regards,
Pascal


 
/dev/rob0 (Guest)
08-20-2003, 03:20 AM
In article <XtA0b.76025$(E-Mail Removed)>,
Pascal Nobus wrote:
> Solution:
> If traffic is coming in by eth1, it should go out by eth1 and gateway-B (not
> the default gateway)
>
> Is this possible?


iproute2. See the Adv-Routing-HOWTO. Also see the Linux dead gateway
detection patch here:
http://www.ssi.bg/~ja/
--
/dev/rob0 - preferred_email=i$((28*28+28))@softhome.net
or put "not-spam" or "/dev/rob0" in Subject header to reply
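
Added example, not part of either post: a dry-run generator for the iproute2 policy-routing setup the reply points to, so that replies sourced from each address leave through that address's own firewall and each firewall's connection tracking sees both directions. Interface names and addresses are taken from the diagram; the /24 netmask, table numbers 101/102 and rule priorities are assumptions.

```shell
#!/bin/sh
# Source-based routing for the two-uplink web server in the thread.
# Dry run: the script only prints commands. Review them, then pipe to sh as root.

# emit_uplink DEV ADDR GATEWAY TABLE PRIO
# Prints the commands that make packets sourced from ADDR leave through DEV
# via GATEWAY, regardless of the default route in the main table.
emit_uplink() {
    dev=$1; addr=$2; gw=$3; table=$4; prio=$5
    net=${addr%.*}.0/24    # assumption: /24 networks, as the addresses suggest
    # Per-uplink table: the connected network plus its own default route.
    echo "ip route replace $net dev $dev src $addr table $table"
    echo "ip route replace default via $gw dev $dev table $table"
    # Rule: traffic whose source is this address consults that table first.
    echo "ip rule add from $addr/32 lookup $table priority $prio"
}

# emit_all: both uplinks from the diagram (table numbers are arbitrary choices).
emit_all() {
    emit_uplink eth0 192.168.0.2 192.168.0.1 101 1001
    emit_uplink eth1 192.168.1.2 192.168.1.1 102 1002
    # Drop cached route decisions so the new rules take effect immediately.
    echo "ip route flush cache"
}

emit_all
```

The two metric-based default routes in the main table stay as they are and still decide where connections initiated by the server go. After applying, `ip route get 198.51.100.1 from 192.168.1.2` should report `via 192.168.1.1 dev eth1` (198.51.100.1 is a documentation address standing in for an outside client).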
 