From: kashani <kashani-list@badapple.net>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Re: How to do port-based routing?
Date: Mon, 03 Mar 2008 13:09:08 -0800
Message-ID: <47CC68F4.2010809@badapple.net>
In-Reply-To: <fqhnkc$q5$2@ger.gmane.org>
Grant Edwards wrote:
> I don't understand why I have to do NAT. Can you explain why?
> (Or point me to docs that explain why?)
>
router01.your.network.com
eth0 - 10.11.12.1
eth1 - 24.1.2.231 - Comcast
eth2 - 64.1.2.132 - Speakeasy
Naturally RFC 1918 space is useless outside your network, so you have to
NAT. However, you need to make sure that you are making your policy
routing decisions at eth0. You don't want traffic marked as originating
from 24.1.2.231 going out eth2, since Speakeasy could (and should) drop
traffic that is not originating from its IP space. Additionally, traffic
will be routed back to you via the Comcast connection, resulting in
asymmetric routing, which can increase the chances of packets arriving
out of order.
router01.your.network.com
eth0 - 24.2.3.1/29
eth0 - 64.2.3.1/29
eth1 - 24.1.2.231 - Comcast
eth2 - 64.1.2.132 - Speakeasy
Same case with this setup, even with real IPs. The chances of convincing
any ISP to accept routes smaller than /24 from you are tiny. And finding
anyone who knows what you even want to do, even when you have the IP
space, is pretty much non-existent. I know, I've tried. Same thing in
this case: you'll NAT at eth1 and eth2 and policy route at eth0.
If you are doing this from a single machine with two IPs and no other
networks or interfaces, it should just work. Linux should use the IP of
the interface the packet leaves from, but I'd use tcpdump to make sure.
kashani
--
gentoo-user@lists.gentoo.org mailing list
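The split kashani describes (policy decision on eth0, NAT keyed on the egress uplink, replies pinned to the link they arrived on) as an added example script, not part of the thread and not kashani's configuration. It uses the interface names and addresses from the mail; the upstream gateway addresses, the LAN prefix, and the port list steered out the Speakeasy link are assumptions. Run with `apply` as root to configure, or with `DRY_RUN=1` to print the commands it would issue.

```shell
#!/bin/sh
# Added example: per-uplink policy routing with NAT on a Linux router.
# Interfaces and uplink IPs are from the mail; gateways, LAN prefix and
# the steered ports are assumptions for illustration.
LAN_IF=eth0
LAN_NET=10.11.12.0/24
COMCAST_IF=eth1;   COMCAST_IP=24.1.2.231;   COMCAST_GW=24.1.2.1     # gateway assumed
SPEAKEASY_IF=eth2; SPEAKEASY_IP=64.1.2.132; SPEAKEASY_GW=64.1.2.1   # gateway assumed
SPEAKEASY_PORTS="22,443"   # assumed: TCP ports to send out Speakeasy; everything else follows the main table
MARK_SPEAKEASY=2
TABLE_COMCAST=101
TABLE_SPEAKEASY=102

# Execute a command, or just print it when DRY_RUN=1 so the plan can be reviewed first.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

setup_policy_routing() {
    # 1. One routing table per uplink: that uplink's default gateway plus the LAN,
    #    so a packet steered into the table can still reach both directions.
    run ip route add default via "$COMCAST_GW" dev "$COMCAST_IF" table "$TABLE_COMCAST"
    run ip route add "$LAN_NET" dev "$LAN_IF" table "$TABLE_COMCAST"
    run ip route add default via "$SPEAKEASY_GW" dev "$SPEAKEASY_IF" table "$TABLE_SPEAKEASY"
    run ip route add "$LAN_NET" dev "$LAN_IF" table "$TABLE_SPEAKEASY"

    # 2. Source-address rules: packets already carrying an uplink address (replies to
    #    connections that arrived on that uplink) leave by the same link. This is what
    #    keeps Comcast-sourced traffic from going out eth2 and being dropped there.
    run ip rule add from "$COMCAST_IP" table "$TABLE_COMCAST" priority 100
    run ip rule add from "$SPEAKEASY_IP" table "$TABLE_SPEAKEASY" priority 101

    # 3. Mark-based rule: LAN packets marked below are routed via the Speakeasy table.
    run ip rule add fwmark "$MARK_SPEAKEASY" table "$TABLE_SPEAKEASY" priority 200

    # 4. The policy decision happens on eth0, in mangle PREROUTING, i.e. before the
    #    kernel's routing lookup, which is the only place a mark can influence it.
    run iptables -t mangle -A PREROUTING -i "$LAN_IF" -p tcp -m multiport \
        --dports "$SPEAKEASY_PORTS" -j MARK --set-mark "$MARK_SPEAKEASY"

    # 5. NAT after routing, keyed on the egress interface, so the source address always
    #    matches the link the packet actually leaves on (the RFC 1918 source never escapes).
    run iptables -t nat -A POSTROUTING -o "$COMCAST_IF" -j SNAT --to-source "$COMCAST_IP"
    run iptables -t nat -A POSTROUTING -o "$SPEAKEASY_IF" -j SNAT --to-source "$SPEAKEASY_IP"

    # 6. Strict reverse-path filtering would discard inbound packets on the uplink that the
    #    main table does not consider the return path; loose mode (2) still rejects
    #    sources that are unreachable via any interface.
    run sysctl -w "net.ipv4.conf.$COMCAST_IF.rp_filter=2"
    run sysctl -w "net.ipv4.conf.$SPEAKEASY_IF.rp_filter=2"
}

if [ "${1:-}" = apply ]; then
    setup_policy_routing
fi
```

After applying, `tcpdump -ni eth2` while connecting to one of the steered ports from the LAN should show packets leaving with source 64.1.2.132 and never 24.1.2.231 or 10.11.12.x; `ip rule show` and `ip route show table 102` confirm the rules and table contents.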