This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

2 gateway and routing / policy routing

I have 2 internet gateway (configuration as below) and a problem.

eth1 80.100.111.66 mask 255.255.255.240 gw 80.100.111.65

eth1:1 81.222.111.130 mask 255.255.255.224 gw 81.222.111.129

(the ip are not real, they are of example)

Some DNAT rules masq some servers on 80 class and other servers on 81 class.

The problem is that when primary default gw is 80.100.111.65, services on servers on 81.222.111.x don't work.
If i change gw order setting primary gw to 81.222.111.129, services on 81.222.111.x work, but services on 80.100.111.x stop to work.

I suppose the problem is that reply packets leave firewall correctly Natted but always routed to primary default gw. And if this gw is the wrong gw, it drops the packets because they aren't in his subnet.

How can i tell to ASL that traffic which is arrived on subnet 81.222.111.x MUST use 81.222.111.129 gw for reply packets, and so for other subnet.

I have tried Policy routing, but with unsuccess.

Best Regards
Fabrizio

Sorry for my bad English

This thread was automatically locked due to age.

Parents

0 frankie_01 over 22 years ago

Please make me understand better ...

1)Do You have something like two HDSL links that come to you thru a single double serial single ethernet router or you have two separate Internet links that come to you thru two ethernet ports ?
2) Are the links from the same or different ISP ?
3) If it is the same ISP it announces contiguos IP or not ?
(eg half of a C class in a link and the other on the second one ?)
4) If it is not the same ISP do you want to achieve a sort of failover just in case one link goes down ?
5) Do you want to have services on public ips in both link ?

I will try to send you an example of policy routing based
on your answer ... considering that i am running in something
like the same problem in the near future if can help you
i am solving my future problems ....

Basically you must tell ASL and your computers that packets sometime have not to use the default gateway but instead a static route .... I must realize entirely where and when add this sroute but if you wish i can try to follow you .... beside that it seems that this thread is ran by italians isn't it ?

Then ciao a tutti....
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 frankie_01 over 22 years ago

Please make me understand better ...

1)Do You have something like two HDSL links that come to you thru a single double serial single ethernet router or you have two separate Internet links that come to you thru two ethernet ports ?
2) Are the links from the same or different ISP ?
3) If it is the same ISP it announces contiguos IP or not ?
(eg half of a C class in a link and the other on the second one ?)
4) If it is not the same ISP do you want to achieve a sort of failover just in case one link goes down ?
5) Do you want to have services on public ips in both link ?

I will try to send you an example of policy routing based
on your answer ... considering that i am running in something
like the same problem in the near future if can help you
i am solving my future problems ....

Basically you must tell ASL and your computers that packets sometime have not to use the default gateway but instead a static route .... I must realize entirely where and when add this sroute but if you wish i can try to follow you .... beside that it seems that this thread is ran by italians isn't it ?

Then ciao a tutti....
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 Fabry over 22 years ago in reply to frankie_01

1) 2 HDSL with 2 Cisco Router, 2 ethernet used on ASL
2) Same ISP
3) I don't know
4) No fail over, it's same isp
5) Yes, because we have n1 public ip on Hdsl_1 and n2 public ip on Hdsl_2, with n2 = 2 * n1.
Actually is Hdsl_1 works and hdsl_2 not.

Best Regards
Fabrizio
Cancel
Vote Up 0 Vote Down

Cancel