Gentoo Archives: gentoo-user

From: Grant Edwards <grante@××××.com>
To: gentoo-user@l.g.o
Subject: [gentoo-user] Re: How to do port-based routing?
Date: Mon, 03 Mar 2008 21:46:34
Message-Id: fqhqvk$dj5$1@ger.gmane.org
In Reply to: Re: [gentoo-user] Re: How to do port-based routing? by kashani
On 2008-03-03, kashani <kashani-list@××××××××.net> wrote:
> Grant Edwards wrote:
>
>> I don't understand why I have to do NAT. Can you explain why?
>> (Or point me to docs that explain why?)
>
> router01.your.network.com
> eth0 - 10.11.12.1
> eth1 - 24.1.2.231 - Comcast
> eth2 - 64.1.2.132 - Speakeasy
>
> Naturally RFC 1918 space is useless outside your network so
> you have to NAT.

Both of my gateways are on local networks and are doing NAT.

> However you need to make sure that you are making your policy
> routing decisions at eth0. You don't want traffic marked as
> originating from 24.1.2.231 going out eth2

I don't have IP forwarding enabled, so that shouldn't happen.

> since Speakeasy could (and should) drop traffic that is not
> originating from its IP space. Additionally, traffic will be
> routed back to you via the Comcast connection, resulting in
> asymmetric routing, which can increase the chances of packets
> arriving out of order.
>
> router01.your.network.com
> eth0 - 24.2.3.1/29
> eth0 - 64.2.3.1/29
> eth1 - 24.1.2.231 - Comcast
> eth2 - 64.1.2.132 - Speakeasy
>
> Same case with this setup even with real IPs. The chances of convincing
> any ISP to accept routes smaller than /24 from you are tiny. And finding
> anyone who knows what you even want to do even when you have the IP
> space is pretty much non-existent. I know, I've tried. Same thing in
> this case, you'll NAT at eth1 and eth2 and policy route at eth0.
>
> If you are doing this from a single machine with two IPs and no other
> networks or interfaces, it should just work.

The machine will have different non-routing IPs on the two
interfaces where the two NAT/firewall/gateways are. The
machine does have interfaces/networks, but since I'm not
forwarding packets, they should be irrelevant.

> Linux should use the IP of the interface the packet leaves from,
> but I'd use tcpdump to make sure.

Good idea.

--
Grant Edwards                   grante             Yow!  Hello, GORRY-O!!
                                at                 I'm a GENIUS from HARVARD!!
                                visi.com

--
gentoo-user@l.g.o mailing list
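The setup the thread is circling around (one host, two local NAT gateways, traffic to one port sent out the second gateway) can be done on Linux with a fwmark rule, a second routing table, and SNAT on the second interface. The script below is an added example written for this archive page, not configuration posted by Grant or kashani. The topology (eth1 192.168.1.10/24 via 192.168.1.1 as the default uplink, eth2 192.168.2.10/24 via 192.168.2.1 as the port-443 uplink), the table number 200, the mark 0x2 and the port are all constructed assumptions. The point kashani raises about the source address is where a single-host setup usually goes wrong: for a locally generated packet the kernel picks the source address during the first route lookup, before the mangle OUTPUT mark exists, so after the re-route the packet leaves eth2 still carrying eth1's address unless it is SNATed on the way out.

```shell
#!/bin/sh
# Added example, not from the thread: port-based policy routing on one Linux
# host with two NAT gateways on two local subnets.  Constructed topology:
#   eth1 192.168.1.10/24, gateway 192.168.1.1  (uplink A, main-table default)
#   eth2 192.168.2.10/24, gateway 192.168.2.1  (uplink B)
# Policy: locally generated TCP to destination port 443 leaves via uplink B;
# everything else follows the main table.
#
# RUN defaults to "echo", so by default the script only prints the commands
# it would run.  Apply for real (as root) with:   RUN= sh policy-routing.sh
RUN="${RUN-echo}"

UPLINK_B_IF=eth2
UPLINK_B_ADDR=192.168.2.10
UPLINK_B_NET=192.168.2.0/24
UPLINK_B_GW=192.168.2.1
TABLE=200     # hypothetical table number, any unused id works
MARK=0x2      # hypothetical fwmark value
PORT=443

setup_policy_routing() {
    # A separate routing table whose default route points at gateway B.
    $RUN ip route replace "$UPLINK_B_NET" dev "$UPLINK_B_IF" src "$UPLINK_B_ADDR" table "$TABLE"
    $RUN ip route replace default via "$UPLINK_B_GW" dev "$UPLINK_B_IF" table "$TABLE"

    # Rule 1: packets carrying the mark use table 200.
    # Rule 2: packets already sourced from uplink B's address use table 200,
    # so replies to inbound connections on eth2 (and rp_filter's reverse
    # lookup for them) are routed out eth2, not out the main-table default.
    $RUN ip rule add fwmark "$MARK" lookup "$TABLE"
    $RUN ip rule add from "$UPLINK_B_ADDR" lookup "$TABLE"

    # Mark locally generated TCP traffic to the chosen port.  The mangle
    # OUTPUT hook re-routes a packet whose mark changed, so it now leaves
    # via eth2 instead of the main-table default.
    $RUN iptables -t mangle -A OUTPUT -p tcp --dport "$PORT" -j MARK --set-mark "$MARK"

    # The source address was already chosen from the main table (uplink A's
    # address) in the first route lookup, before the mark was set, and the
    # re-route keeps it.  Rewrite it so gateway B sees an address on its own
    # subnet; otherwise its NATed replies have nowhere sensible to go.
    $RUN iptables -t nat -A POSTROUTING -o "$UPLINK_B_IF" -j SNAT --to-source "$UPLINK_B_ADDR"
}

verify_policy_routing() {
    # tcpdump on the egress interface captures after NAT, so the source
    # address it shows is what gateway B actually receives.  This is the
    # check to trust: "ip route get ... mark" does a fresh lookup and would
    # pick the source from table 200, which is not what a real socket got.
    $RUN tcpdump -ni "$UPLINK_B_IF" -c 5 "tcp dst port $PORT"
}

setup_policy_routing
verify_policy_routing
```

Run it once with the default dry run to read the commands, then as root with `RUN=` to apply them, and open a connection to port 443 somewhere while the tcpdump line is running; the packets on eth2 should show 192.168.2.10 as the source. Without the SNAT line you will see them leave eth2 with 192.168.1.10, which is the failure mode the quoted reply warns about.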