Date: Thu, 12 Jul 2007 14:59:21 +0200
From: Henri Hennebert <hlh@restart.be>
To: Andrea Venturoli <ml@netfence.it>
Cc: freebsd-net@freebsd.org
Subject: Re: Again two ADSL lines, routing problems
Message-ID: <469625A9.3070703@restart.be>
In-Reply-To: <4695FEF4.4030708@netfence.it>
References: <4695FEF4.4030708@netfence.it>
Andrea Venturoli wrote:
> Hello.
> I have a setup where a FreeBSD box is connected to two ADSL routers:
> default gateway is set to the first and, in case of failure, is moved to
> the other one. This works perfectly for outgoing connections: in the
> event of the switch, I'll have to reconnect, but that's acceptable.
>
> The problem is in the incoming connections: if I get one on the "backup"
> router, this will reach the server, which will however answer through
> its "default" router. Thus the remote client will see packets coming
> back from a different host and things won't work.
> Just to be clear, the packets travel as follows (with source and dest IP
> in brackets):
> Client (x.x.x.x) -> Backup router (y.y.y.y)
> Backup router (x.x.x.x) -> Server (z.z.z.z)
> Server (z.z.z.z) -> Default router (x.x.x.x)
> Default router (v.v.v.v) -> Client (x.x.x.x)
>
> So the client (x.x.x.x) connects to y.y.y.y (the backup ADSL public IP),
> but gets answers from v.v.v.v (the master ADSL public IP).
>
>
> AFAIK there is no solution to this, but I thought I'd ask before giving
> my official opinion to my customer.
> Perhaps there's some sort of hack we could use, that through
> ipfw/natd/other diverting daemon/whatever delivers answers based on the
> MAC address of the incoming connections (if the MAC address belongs to
> the backup router, use that for answers)... does anyone know?

I would propose a nat on the internal interface on the backup router for
all incoming traffic -- with pf:

nat on $int_if proto tcp from !192.168.0.0/16 to $internal_server -> $int_if

so the internal server sees traffic coming from the backup router and the
response goes back this way.

Henri

>
> bye & Thanks
> av.
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
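
Added example, not part of the original message or of anyone's code in the thread: a small Python model of the packet path described above, showing why the reply leaves through the default router without the proposed nat rule and returns through the backup router with it. The addresses are constructed documentation values standing in for x, y, v and z, and all function names are hypothetical.

```python
from dataclasses import dataclass

# Constructed addresses (RFC 5737 / RFC 1918) standing in for the thread's x, y, v, z.
CLIENT = "198.51.100.7"      # x.x.x.x
BACKUP_PUB = "203.0.113.2"   # y.y.y.y, backup ADSL public IP
DEFAULT_PUB = "203.0.113.1"  # v.v.v.v, master ADSL public IP
SERVER = "192.168.0.10"      # z.z.z.z
BACKUP_INT = "192.168.0.2"   # backup router's LAN address ($int_if), assumed

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str

def backup_inbound(pkt, snat):
    """Backup router forwards to the server; with snat it also rewrites the source."""
    state = {"orig_src": pkt.src, "orig_dst": pkt.dst}  # translation state entry
    return Packet(BACKUP_INT if snat else pkt.src, SERVER), state

def server_reply(pkt):
    """The server answers whatever source address it saw."""
    return Packet(SERVER, pkt.src)

def route_reply(reply, state):
    """Deliver the reply as the LAN would; return the packet the client receives."""
    if reply.dst == BACKUP_INT:
        # On-link destination: reaches the backup router, which reverses both
        # translations using its state entry.
        return Packet(state["orig_dst"], state["orig_src"])
    # Off-link destination: follows the server's default route, and the
    # default router sends it out from its own public address.
    return Packet(DEFAULT_PUB, reply.dst)

def client_sees(snat):
    forwarded, state = backup_inbound(Packet(CLIENT, BACKUP_PUB), snat)
    return route_reply(server_reply(forwarded), state)

def client_accepts(snat):
    """A TCP client only matches replies from the address it connected to."""
    reply = client_sees(snat)
    return reply.src == BACKUP_PUB and reply.dst == CLIENT

def server_logged_source(snat):
    """Source address the server sees (and logs) for the forwarded connection."""
    forwarded, _ = backup_inbound(Packet(CLIENT, BACKUP_PUB), snat)
    return forwarded.src
```

With the rule in place the server sees the backup router's LAN address as the source of every forwarded connection, so server-side logs and address-based access rules no longer see the real client address.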