[ILUG] Routing.
Mark Kilmartin
mrk at renre-europe.com
Wed Jan 16 16:30:35 GMT 2002
This looks like the best solution to the problem all around.
But as I said I now have ISP1 routing packets with an ISP2 source.
And I don't need to have load balancing on them.
Mark
On Wed, 2002-01-16 at 16:27, Paul Jakma wrote:
> On 16 Jan 2002, Mark Kilmartin wrote:
>
> > Packets which are not replies to an already existing incoming connection
> > would be treated by a default NAT rule to look like they came from the
> > IP address of the firewall and would be routed over the default route.
>
> but your firewall has /2/ addresses. one from ISP1, one from ISP2, no?
>
> chances are ISP1 will drop/reject packets with a source from ISP2 and
> vice versa. even if they don't, you still probably will not get any
> kind of balanced use of your links.
>
> so you still have a problem. :)
>
> instead, on each router, set up nat. if they're cisco's, something
> like:
> ip access-list extended isp1-pa
> permit ip <isp1> 0.0.0.x
> ip access-list extended isp2-pa
> permit ip <isp2> 0.0.0.x
>
> ip nat inside source list isp1-pa interface serial 0
>
> should do it.
>
> then all you need on the linux firewall is 1 not at all complicated ip
> command...
>
> --paulj
>
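The following is an added illustration, not part of the thread or written by either poster. It models the point raised in the quoted reply: with only a default route, traffic sourced from the ISP2 address leaves via ISP1, where source-address filtering may drop it, while source-based rules send each address out through its own ISP. The prefixes are constructed documentation ranges, the table names are hypothetical, and the use of `ip rule` is an assumption, since the thread does not name the ip command.

```python
import ipaddress

# Constructed sample values (documentation prefixes), not taken from the thread.
UPLINKS = {
    "isp1": ipaddress.ip_network("192.0.2.0/24"),
    "isp2": ipaddress.ip_network("198.51.100.0/24"),
}

def pick_uplink(src, rules, default):
    """First matching (source prefix, uplink) rule wins, else the default route."""
    addr = ipaddress.ip_address(src)
    for prefix, uplink in rules:
        if addr in ipaddress.ip_network(prefix):
            return uplink
    return default

def filtered_by_isp(src, uplink):
    """True if the ISP on this uplink would drop the packet because its
    source lies outside the prefix that ISP assigned."""
    return ipaddress.ip_address(src) not in UPLINKS[uplink]

def audit(sources, rules, default="isp1"):
    """Map each source address to (chosen uplink, would be dropped)."""
    result = {}
    for src in sources:
        uplink = pick_uplink(src, rules, default)
        result[src] = (uplink, filtered_by_isp(src, uplink))
    return result

def ip_rule_commands(rules):
    """Render the rules as iproute2 lines. Table names are hypothetical and
    would need entries in /etc/iproute2/rt_tables plus a default route each."""
    return [f"ip rule add from {prefix} table {uplink}" for prefix, uplink in rules]

SOURCES = ["192.0.2.10", "198.51.100.10"]  # the firewall's two addresses (constructed)
DEFAULT_ONLY = []                           # everything follows the default route
BY_SOURCE = [("192.0.2.0/24", "isp1"), ("198.51.100.0/24", "isp2")]

if __name__ == "__main__":
    print(audit(SOURCES, DEFAULT_ONLY))
    print(audit(SOURCES, BY_SOURCE))
    print("\n".join(ip_rule_commands(BY_SOURCE)))
```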