LARTC
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[LARTC] Multihoming & routing & NAT problem

from [Matt] [Permanent Link][Original]
To: <lartc@mailman.ds9a.nl>
Subject: [LARTC] Multihoming & routing & NAT problem
From: "Matt" <Matt@PlumSoftware.co.uk>
Date: Tue, 12 Dec 2006 12:42:25 -0000
Delivered-to: sp-com-lists@consult.net
Delivered-to: lartc-list@securepoint.com
Delivered-to: lartc@outpost.ds9a.nl
List-archive: <http://mailman.ds9a.nl/pipermail/lartc>
List-help: <mailto:lartc-request@mailman.ds9a.nl?subject=help>
List-id: "Mailinglist of the Linux Advanced Routing &amp; Traffic Control project" <lartc.mailman.ds9a.nl>
List-post: <mailto:lartc@mailman.ds9a.nl>
List-subscribe: <http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc>, <mailto:lartc-request@mailman.ds9a.nl?subject=subscribe>
List-unsubscribe: <http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc>, <mailto:lartc-request@mailman.ds9a.nl?subject=unsubscribe>
Sender: lartc-bounces@mailman.ds9a.nl
Thread-index: Accd6voYvEkfCAVJRA+Bj4K3eLF40A==
Thread-topic: Multihoming & routing & NAT problem

As suggested on the netfilter list, I'm posting here too:

Current network layout:


                Internet                 
                   |                     
         ----100.100.251.217----          
        /      (router)        \                  Internet
       |                        |                     |
 100.100.251.220           100.100.251.218        200.200.64.139
       |                        |                     |
 192.168.100.x                   \                   /
(Office Network)                  \                 /
                                         Linux Multihomed Router
                                       192.168.0.254
                                             |
                                             |
                                        192.168.0.6
                                      Internal Server


I got the above working on our test bed, where users can get to the internal server 192.168.0.6 via either Internet connection. The problem is getting from our Office Network to 200.200.64.139:56100

What appears to be happening is this:

1. Packet is sent from internal router, arrives at 100.100.251.220, is routed through 100.100.251.217 to the Internet.
2. Packet arrives at 200.200.64.139, DNAT'd to 192.168.0.6.
3. Internal Server replies, sends it to it's default gateway (192.168.0.254)
4. Linux server sees 100.100.251.220 as destination, sends to 100.100.251.218 instead of back out of 200.200.64.139. (This is not expected as I'm marking incoming connections at the linux router using CONNMARK/MARK, and connections go in and out of the correct interface when the destination is outside the 100.100.251.216/29 network)

(Note: I don't know if the returning connections are SNAT'd back to 200.200.64.139)

So...

Is there a way around this? i.e. so that the multihoming still works?

It seems that normal routing to the 100.100.251.216/29 network takes precedence over my connection marked rule, that would instruct the packet to be sent out over the correct interface (and maybe therefore SNAT'd correctly too).

Not sure what's going on. Can anyone point me in the correct direction?

Thanks,

Matt 



_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Routing & NAT Problem take #2, ArcosCom Linux User
Next by Date:  [LARTC] Routing Problem, Javier A Toledano
Previous by Thread:  Re: Routing & NAT Problem take #2, ArcosCom Linux User
Next by Thread:  Re: [LARTC] Multihoming & routing & NAT problem, Taylor, Grant
Indexes:  [Date] [Thread] [Top] [All Lists]