DNATing from two ISP's into a single server
Jake L. Wegman
jake@ultrex.com
Fri, 25 Jan 2002 15:57:12 -0600
[forwarding tcp port 1327 from two ISPs into local LAN]
This is not appearing to be as easy as it first seemed.
eth1 \
      > eth0 -> 10.0.0.139 (tcp port 1327)
eth2 /
With the linux box's default route going through eth1, I can connect to
eth1's IP and successfully DNAT into 10.0.0.139. However if I attempt to
connect with eth2's IP, I see the traffic arriving (tcpdump on eth2), but no
replies. When monitoring eth0 I see no traffic sent to 10.0.0.139 as there
should be.
If I swap the default route to eth2 I can then connect with eth2's IP and
DNAT into 10.0.0.139. However I now experience the problem when attempting
to connect with eth1's IP - I see no traffic forwarded onto 10.0.0.139.
In short, DNAT is only working when the traffic arrives on the default
route?
Would someone be able to offer some assistance to the router challenged?
Thank you
Jake
-----Original Message-----
From: Sumit Pandya [mailto:sumit@elitecore.com]
Sent: Friday, January 25, 2002 8:10 AM
To: netfilter@lists.samba.org
Cc: jake@ultrex.com
Subject: RE: DNATing from two ISP's into a single server
From: "Jake L. Wegman" <jake@ultrex.com>
> My goal is to DNAT into an internal server from either of the two ISPs...
>
> Linux box with three interfaces;
> eth0 - Internal interface
> eth1 - SDSL ISP
> eth2 - Cable ISP
>
> Linux box has default route through eth1
>
> I would like all tcp port 1327 traffic sent to eth1's IP or eth2's IP to be
> DNATed into 10.0.0.193 on eth0.
iptables -t nat -I PREROUTING -i eth1 --protocol tcp \
--destination-port 1327 -j DNAT --to-destination 10.0.0.193
Apply the same rule for eth2, and for udp if you require it.
> I would like the responding traffic to
> traverse back on the interfaces that it originated from.
No need to worry about the return route; it is taken care of by the "conntrack" part.
-- Sumit
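Added example, not from either message in this thread: a script that builds the
full rule set for the two-ISP DNAT described above. It goes beyond the rule Sumit
posted in two ways a practitioner would want to see: conntrack only un-NATs the
replies, it does not pick their outgoing interface, so source-based policy
routing (ip rule / ip route tables) is added to send each reply back through
the ISP whose address it carries; and strict reverse-path filtering on a
multi-homed box with one default route silently discards packets arriving on
the non-default ISP interface, which matches the symptom in the first message
(packets visible on eth2, nothing forwarded to eth0), though the thread does not
establish that this is the cause. The ISP addresses, gateways and the table
numbers 101/102 are assumptions (RFC 5737 documentation ranges); the server
address 10.0.0.193 and port 1327 are the ones from the original question.

```sh
#!/bin/sh
# Added example (not from the thread). Forward tcp/1327 arriving on either ISP
# interface to the internal server, route replies out the interface they came
# in on, and relax strict reverse-path filtering on the ISP interfaces.
# Usage:  sh two-isp-dnat.sh show     (print the commands, no changes made)
#         sh two-isp-dnat.sh apply    (as root, execute them)

ISP1_IF=eth1; ISP1_IP=203.0.113.10; ISP1_GW=203.0.113.1    # SDSL ISP, assumed addresses
ISP2_IF=eth2; ISP2_IP=198.51.100.10; ISP2_GW=198.51.100.1  # Cable ISP, assumed addresses
LAN_IF=eth0
SERVER=10.0.0.193   # internal server, from the original question
PORT=1327

# Print the command instead of executing it when DRY_RUN=1.
run() {
  if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# One PREROUTING DNAT rule per ISP interface. conntrack records the translation
# and un-NATs the replies; it does not decide which interface they leave by.
dnat_rules() {
  for ifc in "$ISP1_IF" "$ISP2_IF"; do
    run iptables -t nat -A PREROUTING -i "$ifc" -p tcp --dport "$PORT" \
      -j DNAT --to-destination "$SERVER"
  done
  # Only the translated port is allowed through FORWARD toward the server;
  # the server's replies are matched by connection state.
  run iptables -A FORWARD -o "$LAN_IF" -d "$SERVER" -p tcp --dport "$PORT" -j ACCEPT
  run iptables -A FORWARD -i "$LAN_IF" -s "$SERVER" -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# Source-based policy routing: a reply whose source address is ISP1's address
# is routed via ISP1's gateway, likewise for ISP2, whatever the main default
# route is. Table numbers 101 and 102 are arbitrary (assumed free).
policy_routes() {
  run ip route add default via "$ISP1_GW" dev "$ISP1_IF" table 101
  run ip rule add from "$ISP1_IP" table 101
  run ip route add default via "$ISP2_GW" dev "$ISP2_IF" table 102
  run ip rule add from "$ISP2_IP" table 102
}

# Strict reverse-path filtering (rp_filter=1) drops a packet that arrives on an
# interface which is not the kernel's best route back to its source; with one
# default route that covers every Internet source, so inbound traffic on the
# other ISP interface is dropped before FORWARD ever sees it. Loose mode (2)
# still rejects sources with no route at all; kernels without loose mode only
# offer 0 here.
rp_filter_loose() {
  for ifc in "$ISP1_IF" "$ISP2_IF"; do
    run sysctl -w "net.ipv4.conf.$ifc.rp_filter=2"
  done
}

case "${1:-}" in
  apply) dnat_rules; policy_routes; rp_filter_loose ;;
  show)  DRY_RUN=1; dnat_rules; policy_routes; rp_filter_loose ;;
esac
```

Running it with `show` first and reading the printed commands is the safe way to
check the addresses before touching a remote box; `ip rule` and `ip route show
table 101` afterwards confirm that replies sourced from each ISP address have
their own default route.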