2 Internet connection and one local network
security at techside.it
Wed Jan 10 15:43:37 CET 2007
Unfortunately all servers have set the default gw to the internal ip of
With tcpdump it seems that the packets don't reach the internal server but
do reach the external ethernet of the firewall (this sounds very strange....)
ping rqst -----> PUBLIC IP1 ----> |FRW| --\ \--- internal srv
(this doesn't work)
ping rqst -----> PUBLIC IP2 (default gw) ----> |FRW| ----> internal srv
My configuration is a little different from yours; I NAT the entire server IP,
not only ports, from the 2 ISP lines.
Now the only way to use the new line for all the services (except, sigh,
the servers) is to set up the default gw to the new router and to
keep the old line with the servers (now all the services use this old
public ip) with the rule:
ip rule add from <internalsrvip> table oldline
If I delete this rule the server responds to the new line but does not respond
to the calls from the old line.
Matt wrote:
> The default gateway on your internal servers should point to the internal IP of the linux firewall box. It sounds to me that you've set the default gateway to the public IP of one of your internet lines - doing this will certainly stop it from working.
> This configuration should remember what internet line the packet arrived at, and when the reply from the internal server arrives back at the linux box, it should be routed back out the same internet line it arrived at.
> Hope that helps,
> -----Original Message-----
> From: netfilter-bounces at lists.netfilter.org
> [mailto:netfilter-bounces at lists.netfilter.org]On Behalf Of Techside
> Sent: 09 January 2007 08:28
> To: netfilter at lists.netfilter.org
> Subject: RE: 2 Internet connection and one local network
> Hi, this configuration doesn't work for me.
> I have traced the packets that arrive from the internet to an internal server;
> when the packet is sent to the public ip that corresponds to the default
> internet line all is ok, but when I send a packet to the public ip that
> corresponds to the second internet line the packet arrives at the firewall and
> doesn't go forward to the internal server. This seems to be a NAT or
> forwarding error, but if I add the table rule (iproute2)
> ip rule add from <internal server ip> table line2
> the packet goes to the server and returns from the second line.
> All the tests were made with the iptables and iproute rules
> described in the reply post.
> What is the meaning of: echo 0 > /proc/sys/net/ipv4/conf/eth1/rp_filter
> I'm using debian sarge with 2.6.17 kernel and iptables 1.3.7
> Any suggestion on what I'm doing wrong?
> Sorry for my bad english.
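The following script is an added example written for this archive page; it is not the thread's own configuration and not the "iptables and iproute rule described in the reply post" (which is not on this page). It shows the two approaches discussed above side by side: the poster's `ip rule add from <internalsrvip> table oldline`, which pins the server to one line (`pin_server_to_line1`), and the per-connection memory of the ingress line that Matt describes, implemented here with CONNMARK and an fwmark rule (`setup_connmark_routing`). It also shows what the `rp_filter` line asked about does. Interface names, addresses, table ids 101/102 and the mark value 2 are constructed placeholders. With `IP=echo IPT=echo SYSCTL=echo` the script prints the commands instead of executing them, so it can be reviewed without root; `sh dual_isp.sh apply` runs them.

```shell
#!/bin/sh
# Added example, not from the thread: dual-ISP policy routing for a Linux
# firewall that DNATs whole public IPs to an internal server.
# All interface names and addresses are constructed placeholders.
# Run with IP=echo IPT=echo SYSCTL=echo to print the commands instead of executing them.

IP=${IP:-ip}
IPT=${IPT:-iptables}
SYSCTL=${SYSCTL:-sysctl}

WAN1_IF=eth0; WAN1_IP=203.0.113.10;  WAN1_GW=203.0.113.1    # old line (main-table default)
WAN2_IF=eth1; WAN2_IP=198.51.100.10; WAN2_GW=198.51.100.1   # new line
LAN_IF=eth2;  SRV_IP=192.168.1.10                            # internal server

# One routing table per uplink; each needs only its own default route.
# Table ids 101/102 are arbitrary (they can be named in /etc/iproute2/rt_tables).
setup_tables() {
    $IP route add default via "$WAN1_GW" dev "$WAN1_IF" table 101
    $IP route add default via "$WAN2_GW" dev "$WAN2_IF" table 102
    # Packets the firewall itself sends from a public IP leave on that IP's line.
    $IP rule add from "$WAN1_IP" table 101 priority 100
    $IP rule add from "$WAN2_IP" table 102 priority 100
}

# The poster's approach: everything sourced by the server goes out the old line.
# Replies to requests that arrived on WAN2 then leave on WAN1, which is the
# asymmetry described in the thread. Shown for comparison; not used by apply_all.
pin_server_to_line1() {
    $IP rule add from "$SRV_IP" table 101 priority 300
}

# Matt's approach, implemented with CONNMARK (a standard technique, assumed here):
# remember per connection which line the first packet arrived on, copy that mark
# back onto the server's reply packets, and route the reply by fwmark.
setup_connmark_routing() {
    $IPT -t mangle -A PREROUTING -i "$WAN2_IF" -m conntrack --ctstate NEW -j CONNMARK --set-mark 2
    $IPT -t mangle -A PREROUTING -i "$LAN_IF" -j CONNMARK --restore-mark
    $IP rule add fwmark 2 table 102 priority 200
}

# 1:1 NAT: both public IPs map to the same internal server. The SNAT rules only
# matter for connections the server initiates; replies to DNATed connections are
# un-NATed by conntrack automatically.
setup_nat() {
    $IPT -t nat -A PREROUTING -d "$WAN1_IP" -j DNAT --to-destination "$SRV_IP"
    $IPT -t nat -A PREROUTING -d "$WAN2_IP" -j DNAT --to-destination "$SRV_IP"
    $IPT -t nat -A POSTROUTING -s "$SRV_IP" -o "$WAN1_IF" -j SNAT --to-source "$WAN1_IP"
    $IPT -t nat -A POSTROUTING -s "$SRV_IP" -o "$WAN2_IF" -j SNAT --to-source "$WAN2_IP"
}

# rp_filter=1 (strict reverse-path check) drops a packet whose source address
# would be routed back out a different interface than the one it arrived on.
# With two uplinks and fwmark-based tables that check fires on legitimate
# traffic, which is what "echo 0 > /proc/sys/net/ipv4/conf/eth1/rp_filter"
# in the thread switches off. Loose mode (2) keeps anti-spoofing on interfaces
# where some route to the source exists; it needs a kernel newer than 2.6.17,
# on which only 0 (off) and 1 (strict) are available.
relax_rp_filter() {
    for ifc in "$WAN1_IF" "$WAN2_IF" "$LAN_IF"; do
        $SYSCTL -w "net.ipv4.conf.$ifc.rp_filter=2"
    done
}

apply_all() {
    setup_tables
    setup_connmark_routing
    setup_nat
    relax_rp_filter
    $IP route flush cache   # 2.6.x kernels cache routing decisions
}

if [ "${1:-}" = apply ]; then
    apply_all
fi
```

The priorities matter: the `from <public ip>` rules (100) catch the firewall's own traffic, the fwmark rule (200) catches DNATed replies, and anything unmarked falls through to the main table and its default gateway. Checking the result means sending a request to each public IP and confirming with tcpdump on both WAN interfaces that the reply leaves on the same line the request arrived on.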