[ILUG] Routing.
Paul Jakma
paulj at alphyra.ie
Wed Jan 16 16:27:52 GMT 2002
On 16 Jan 2002, Mark Kilmartin wrote:
> Packets which are not replies to an already existing incoming connection
> would be treated by a default NAT rule to look like they came from the
> IP address of the firewall and would be routed over the default route.
but your firewall has /2/ addresses. one from ISP1, one from ISP2, no?
chances are ISP1 will drop/reject packets with a source from ISP2 and
vice versa. even if they don't, you still probably will not get any
kind of balanced use of your links.
so you still have a problem. :)
instead, on each router, set up nat. if they're Ciscos, something
like:
ip access-list extended isp1-pa
 permit ip <isp1> 0.0.0.x any
ip access-list extended isp2-pa
 permit ip <isp2> 0.0.0.x any
! on the ISP1 router (the ISP2 router uses isp2-pa the same way);
! Serial0 needs "ip nat outside" and the LAN interface "ip nat inside"
ip nat inside source list isp1-pa interface Serial0 overload
should do it.
then all you need on the linux firewall is 1 not at all complicated ip
command...
--paulj
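The Linux side of the setup Paul sketches, as an added example that is not part of the original thread. With NAT done on each ISP router, the firewall only needs a multipath default route to spread new outbound flows across both links; the two extra source-based tables make sure replies to connections that arrived over ISP1 leave via ISP1 (and likewise for ISP2), since the ISPs will likely drop a packet carrying the other provider's source address. Interface names, addresses and gateways are hypothetical and taken from environment variables; with DRY_RUN=1 (the default) the script prints the ip commands instead of running them, so it can be checked without root.

```shell
#!/bin/sh
# Added example for the dual-ISP firewall; not code from the original post.
# Addresses, gateways and interfaces below are assumed placeholders.
ISP1_IF=${ISP1_IF:-eth1}
ISP1_ADDR=${ISP1_ADDR:-192.0.2.10}
ISP1_GW=${ISP1_GW:-192.0.2.1}
ISP2_IF=${ISP2_IF:-eth2}
ISP2_ADDR=${ISP2_ADDR:-198.51.100.10}
ISP2_GW=${ISP2_GW:-198.51.100.1}
DRY_RUN=${DRY_RUN:-1}

# Print the command when DRY_RUN=1, otherwise execute it (needs root).
run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# The "one ip command": an equal-cost multipath default route, so new
# outbound flows are shared between the two links. Each ISP router then
# NATs whatever source address it sees to its own provider-assigned one.
default_multipath() {
    run ip route replace default scope global \
        nexthop via "$ISP1_GW" dev "$ISP1_IF" weight 1 \
        nexthop via "$ISP2_GW" dev "$ISP2_IF" weight 1
}

# Per-ISP routing tables selected by source address: a reply sourced from
# the ISP1-assigned address must go out the ISP1 link, and vice versa,
# otherwise the other ISP may drop it as a spoofed source.
reply_tables() {
    run ip route replace default via "$ISP1_GW" dev "$ISP1_IF" table 101
    run ip rule add from "$ISP1_ADDR" table 101 priority 101
    run ip route replace default via "$ISP2_GW" dev "$ISP2_IF" table 102
    run ip rule add from "$ISP2_ADDR" table 102 priority 102
}

# Apply the source rules first, then the balanced default route.
setup_dual_isp() {
    reply_tables
    default_multipath
    run ip route flush cache
}

[ "$DRY_RUN" = 1 ] && setup_dual_isp
```

Two caveats a practitioner will hit: `ip rule add` is not idempotent, so running the script twice leaves duplicate rules (delete with `ip rule del` first or check `ip rule show`), and on the Linux kernels of the period the multipath choice is cached per destination, so the balancing is per destination host rather than per packet or per connection.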