Re: IPNAT / Routing question

Date: Wed, 30 Jun 2004 11:00:28 -0400

Rob Snyder wrote:
> Greetings.
>
> I'm trying to troubleshoot a routing / NAT problem on a FreeBSD 4.9
> system, and I'm hoping someone can shed some light on where my problem
> might lie.
>
> The server in question has three network interfaces - fxp0, fxp1, and
> fxp2. fxp1 is internal, with addresses on a 192.x.y.z network. fxp0 is
> connected to our T1 and has public addresses in the 216.*.*.* range.
>
> I have a web server on our internal network, and a RDR rule that sends
> incoming traffic on port 80 from one of our 216* addresses to the web
> server. This works fine.
>
> Recently, we added a second T1 from a different ISP. This is what fxp2
> is connected to, and the addresses are in the 141.*.*.* range. I
> duplicated the RDR rule to allow access to the same web server from
> both a 216* address and a 141* address.
>
> The original configuration still works fine, but I can't get it to
> work with a 141* address coming in on fxp2.
>
> What I've observed is that the traffic makes it to the box, the
> NAT mapping is set up correctly (observed through ipnat -l), the
> webserver receives the request and tries to respond, but it appears
> that the response goes back out fxp0, not fxp2 where it originated
> from. (I deduced this by watching hits on the ipf rules with ipfstat.
> I am not 100% sure my observation is accurate; my next step is to
> start tcpdump and watch the packets that way).
>
> The default route is through fxp0 where it always was, so I suppose it
> makes sense that all traffic that leaves the box goes there.
>
> So... is this what is likely causing the failure? If so, is there a
> way around this - some way to simulate *two* default routes? Or, is
> this not likely the issue? Even if it isn't, it sort of defeats the
> purpose, so I'd be interested to hear if there is some way to more
> effectively use both connections.
>
> Thanks, in advance, for any help!
>
> Rob Snyder

It sounds like you've got the problem identified; I agree it sounds like
the default route.
Is there any rationale as to how the incoming hosts determine which
interface (i.e. T1) to come in on? Do you have DNS entries noting both,
or multiple virtual servers, some for each? I guess my point is, can
you determine which nets come in fxp2, and add a route accordingly?
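The mechanism behind the symptom in this thread, as an added illustration that is not part of the original posts and is not FreeBSD or IPFilter code: a normal route lookup matches only on the destination address, so a reply to an arbitrary Internet client always falls through to the single default route (fxp0 here), no matter which T1 the request arrived on. By the time the web server's reply reaches the gateway on fxp1, the ingress interface of the original request is gone; the only thing the gateway can key on is the reply's source address. One way to make that usable, assumed here rather than taken from the thread, is to give the web server a second internal alias (192.0.2.81 in the example) that only the ISP-B rdr rule targets, and then policy-route replies sourced from that alias out fxp2. The addresses below are RFC 5737 documentation prefixes standing in for the 216.*, 192.* and 141.* ranges in the post, and the gateway addresses are made up. On IPFilter the equivalent of the policy rule is the `to interface:gateway` action on a pass rule; check ipf(5) for the exact syntax on your release, and remember that ipnat mappings bound to fxp2 only translate packets that actually leave through fxp2, so the policy decision has to happen before the kernel's own route lookup picks fxp0.

```python
"""Destination-only routing versus source-keyed policy routing (added example)."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

IPNet = ipaddress.IPv4Network


@dataclass(frozen=True)
class Route:
    prefix: IPNet
    iface: str
    gateway: Optional[str]  # None for a directly connected network


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str


# Constructed FIB modelled on the post: fxp0 to ISP A (carries the default
# route), fxp1 the internal LAN, fxp2 to ISP B.  Documentation prefixes
# stand in for the 216.*, 192.* and 141.* networks in the thread.
FIB: List[Route] = [
    Route(IPNet("198.51.100.0/30"), "fxp0", None),            # ISP A link net
    Route(IPNet("192.0.2.0/24"),    "fxp1", None),            # internal LAN
    Route(IPNet("203.0.113.0/30"),  "fxp2", None),            # ISP B link net
    Route(IPNet("0.0.0.0/0"),       "fxp0", "198.51.100.1"),  # the one default
]


def fib_lookup(dst: str, fib: List[Route] = FIB) -> Route:
    """Longest-prefix match on the destination only.

    Source address and ingress interface play no part, which is exactly why a
    reply to a client that came in over fxp2 still leaves via fxp0.
    """
    addr = ipaddress.IPv4Address(dst)
    matches = [r for r in fib if addr in r.prefix]
    return max(matches, key=lambda r: r.prefix.prefixlen)


@dataclass(frozen=True)
class PolicyRule:
    src: IPNet      # match on the reply's source address
    iface: str      # force this outgoing interface
    gateway: str    # and this next hop


# Assumed setup (not from the thread): the ISP-B rdr rule targets a second
# internal alias on the web server, so replies from that alias are the ones
# that belong to ISP B.  The gateway address is made up.
POLICY: List[PolicyRule] = [
    PolicyRule(IPNet("192.0.2.81/32"), "fxp2", "203.0.113.1"),
]


def policy_route(pkt: Packet, policy: List[PolicyRule] = POLICY,
                 fib: List[Route] = FIB) -> Route:
    """Consult source-keyed policy first, then fall back to the ordinary FIB."""
    src = ipaddress.IPv4Address(pkt.src)
    for rule in policy:
        if src in rule.src:
            return Route(IPNet("0.0.0.0/0"), rule.iface, rule.gateway)
    return fib_lookup(pkt.dst, fib)


if __name__ == "__main__":
    client = "203.0.113.77"  # some Internet client reached via ISP B
    for alias in ("192.0.2.80", "192.0.2.81"):
        reply = Packet(src=alias, dst=client)
        print(f"reply from {alias}: FIB -> {fib_lookup(reply.dst).iface}, "
              f"policy -> {policy_route(reply).iface}")
```

Running the script shows the failure mode and the fix side by side: with the FIB alone, replies from both aliases leave fxp0; with the policy rule, replies sourced from the ISP-B alias leave fxp2 while the ISP-A alias is untouched. The same split can be done with two web server instances bound to the two addresses instead of one daemon with an alias; what matters for the gateway is only that the two return paths are distinguishable by source address.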


