Hi guys,
I realise this is probably more basic than what this list is intended
for, but I had no luck elsewhere.
Short version:  I have previously used these lines on a server with two
network interfaces, two public IPs, and one common default gateway, to
make sure that connections coming into eth1 are replied to via
the same interface.  eth0 is 196.xx.xx.35, eth1 is 196.xx.xx.54, gateway
is 196.xx.xx.1:
    ip rule add from 196.xx.xx.54 table eth1 prio 3000
    ip route add table eth1 via 196.xx.xx.1 dev eth1
Will this work with private two network cards, two private IPs, and two
gateways in the same IP range?  eth0 192.168.1.18 with gw 192.168.1.6
and eth1 192.168.1.17 with gw 192.168.1.1.  The two gateways are NAT-ing
firewalls, will this make a difference?
Thanks
Hans
Long version:
I have a mail server (receiving only) on a network with two NAT-ing
firewalls, all in the same range. It looks like this:
              +-------------+
Internet  --- | Firewall    |
              | 192.168.1.6 |
              +-------------+
                     |
              +--------------+
              | 192.168.1.18 |
              |    Mail      |
              | 192.168.1.17 |
              +--------------+
                     |
              +--------------+
Internet  --- | Firewall     |
              | 192.168.1.1  |
              +--------------+
The first firewall forwards incoming connections on port 25 to
192.168.1.17, while the second firewall forwards port 25 to 192.168.1.18.
My requirement is simple.  Connections need to go out via
the interface that they came in on.  Right now the box replies via
192.168.1.6 (the default gw) regardless of where the connection came in.
I also have only remote access, so I can't afford to mess up :-)
Thanks
Hans
I somehow missed this:
http://lartc.org/lartc.html#LARTC.RPDB.MULTIPLE-LINKS - looks like what
I'm wanting.  But it doesn't mention whether the providers are just
routers or NAT-ing routers/firewalls.  Will NAT impact?
Also just to add to my original mail, the box in question is not a
gateway, it doesn't provide connectivity to anyone.  It's just a mail
server that has to use the extra line to act as a backup MX.
Thanks
Hans
Hans du Plooy <koffiejunkielistlurker@koffiejunkie.za.net> wrote:
[...]
>Will this work with private two network cards, two private IPs, and two
>gateways in the same IP range?  eth0 192.168.1.18 with gw 192.168.1.6
>and eth1 192.168.1.17 with gw 192.168.1.1.  The two gateways are NAT-ing
>firewalls, will this make a difference?

I don't know if the NAT business will make a difference, but
I've set up multiple-network multiple-gateway configurations more or
less like this (substituting your own network values):

Configure with policy routes such that responses to inbound
traffic for the respective interfaces are routed back out over the same
interface.  For example:

    ip rule add from 10.176.13/24 table 50
    ip rule add from 10.176.14/24 table 60

For your purposes, "ip rule add iif ethX" may work better
(since the network match won't necessarily segregate anything, as both
of your interfaces are on the same network).

    ip route add table 50 10.176.13/24 dev ethX src 10.176.13.x
    ip route add table 50 default dev ethX src 10.176.13.x via 10.176.13.1

Where 10.176.13.1 is the gateway for that particular network
(or interface, in your case), and 10.176.13.x is the host's IP address
on that network.  The other network, 10.176.14/24 on table 60 in this
example, is configured similarly, but with the appropriate .14 network
values.

A global default route can be left in the main routing table for
traffic not originating inbound from 10.176.13 or 10.176.14 (or via the
appropriate iif, depending on how you set it up).

I think you'd need to test a bit to check for the proper
configuration, which may be hard via only remote access.

    -J

---
    -Jay Vosburgh, IBM Linux Technology Center, fubar@us.ibm.com
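
Added example, not part of either poster's mail: a dry-run script that prints the per-uplink policy-routing commands for the two-firewall layout described in the thread, selecting the table by the host's own source address so that replies return through the firewall that forwarded the connection. The /24 netmask, the rule priorities, the function names and the 198.51.100.25 test destination are assumptions; table numbers 50 and 60 are borrowed from the reply above.

```shell
#!/bin/sh
# Added example (not from the thread). Interface names, host addresses and
# gateways are the ones given in the original mail; NET is an assumed netmask.
NET=192.168.1.0/24

# Print the commands for one uplink.
# Arguments: device, host address, gateway, table number, rule priority.
uplink_cmds() {
    dev=$1; addr=$2; gw=$3; table=$4; prio=$5
    # On-link route inside the private table, so the gateway is reachable there.
    echo "ip route replace table $table $NET dev $dev src $addr"
    # This table's default route leaves through this uplink's own gateway.
    echo "ip route replace table $table default via $gw dev $dev src $addr"
    # A reply carries the address the client connected to as its source,
    # so a per-address rule picks the table even with both NICs in one subnet.
    echo "ip rule add from $addr/32 table $table prio $prio"
}

# Full plan for the layout in the thread (priorities 3000/3010 are assumed).
plan() {
    uplink_cmds eth0 192.168.1.18 192.168.1.6 50 3000
    uplink_cmds eth1 192.168.1.17 192.168.1.1 60 3010
}

# Read-only checks to run after applying: each lookup should report the
# gateway belonging to the source address given (destination is constructed).
verify_cmds() {
    echo "ip route get 198.51.100.25 from 192.168.1.18"
    echo "ip route get 198.51.100.25 from 192.168.1.17"
}

# Dry run by default. APPLY=1 (as root) executes the plan line by line and
# stops at the first failing command, leaving the main table untouched.
if [ "${APPLY:-0}" = 1 ]; then
    plan | while read -r cmd; do $cmd || exit 1; done
else
    plan
    verify_cmds
fi
```

The plan never modifies the main routing table, so the existing default route via 192.168.1.6 stays in place for traffic the host originates itself.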