From owner-freebsd-questions Tue Jul 6 10:33:17 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from server6.singular.com (server6.singular.com [204.140.208.6])
	by hub.freebsd.org (Postfix) with ESMTP id 675D414ECC
	for ; Tue, 6 Jul 1999 10:33:14 -0700 (PDT)
	(envelope-from jbarbee@singular.com)
Received: from bleeding-edge ([204.140.208.172]) by server6.singular.com
	(Post.Office MTA v3.1.2 release (PO205-101c) ID# 0-42397U400L100S0)
	with SMTP id AAA375 for ; Tue, 6 Jul 1999 10:33:11 -0700
Message-Id: <4.1.19990706101104.00bb0b30@server7.singular.com>
X-Sender: jbarbee@server7.singular.com
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1
Date: Tue, 06 Jul 1999 10:33:10 -0700
To: freebsd-questions@freebsd.org
From: jbarbee@singular.com (John Barbee)
Subject: unsual network topology doesn't work.
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Hi,

I'm working on something that has this type of setup.

     |              |
     | DSL1         | DSL0
     |              |
  Netopia1      Netopia0
       \          /
        \        /
         \      /
    Netscreen (firewall)
            |
            |
         Unix Box
            |
       LAN Machines

o The Netopias each have their own public IPs.
o The Netopias are doing NAT but both redirect traffic destined for
  certain ports to the Unix box, namely ftp, http, timbuktu ports.
o Internally Netopia1 is 172.31.0.2/16 and Netopia0 is 172.31.0.1/16.
o The Netscreen is functioning in "transparent" mode, which means it's
  really acting as a bridge and filtering packets as they pass.
o The Unix box is multi-homed with 172.31.0.4/16 and 172.31.5.1/24.
o The LAN machines are all 172.31.5.x/24 using 172.31.5.1, the Unix box,
  for their gateway.
o The reason behind all this is that we'll only have to change the default
  route on the Unix box in order to fall back onto the second DSL line.

Here's the problem. Let's say the default route of the Unix Box goes to
Netopia0. From the WAN, you can reach the Unix Box just fine if you access
it via DSL0, e.g. I fill in DSL0's public IP and get the index page on the
Unix Box's webserver. In this case the incoming and outgoing paths are the
same.

However, if you try and access the Unix Box via DSL1 in the same way,
you'll time out. In this case the incoming and outgoing paths are
different.

It is my understanding (please let me know if I'm wrong) that packets don't
know anything other than their destination IP and port. Each router merely
checks the header and passes the packet on. Thus, there is no reason to
require the incoming and outgoing paths to be the same.

I don't understand why this isn't working? Does anyone have any insights
into this setup? Please let me know if I need to provide other information.

john.