From: "George Vieira" <georgev@citadelcomputer.com.au>
To: Wolfgang Pichler <madmin@dialog-telekom.at>,
netfilter@lists.netfilter.org
Subject: RE: backroute problem
Date: Thu, 24 Jul 2003 07:58:43 +1000 [thread overview]
Message-ID: <09B04A55822EFF4DA48D2E0BB2941D4A15BF94@wardrive.citadelcomputer.com.au> (raw)
You have to use iproute2 to route by source IP and not destination (default gateway).
There is an iptables patch in p-o-m which does some funky iproute stuff too but not sure the name.. have a look
Thanks,
____________________________________________
George Vieira
Systems Manager
georgev@citadelcomputer.com.au
Citadel Computer Systems Pty Ltd
http://www.citadelcomputer.com.au
-----Original Message-----
From: Wolfgang Pichler [mailto:madmin@dialog-telekom.at]
Sent: Thursday, July 24, 2003 6:03 AM
To: netfilter@lists.netfilter.org
Subject: backroute problem
hi all,
we have got new ip addresses - the old one's still exists so that i can
migrate them to the new ones.
the old ip's are directly assigned to the web/mail server (i know that
this isn't good - but i havn't had a fireall at this time) - now i have
a seperate firewall which has the new ip's assigned to it.
Now i'd like to change the dns entries so that the traffic goes over the
new ip's (a 4 MBit line ;-) ) - the problem i have is:
when a packet on the new ip comes then it gets prerouted by the firewall
to the webserver - the webserver gets the packet with the original
source address - now to webserver wants to answer to the packet - but
becuase of the old ip's the webserver have a default route with the old
ip and try's to route the packet over the old gateway - and not back to
the firewall... You know - that can't work.
I am now searching for a solution for this problem. Can netfilter help
me with this problem - or do i have to use iproute (i havn't ever done
something with iproute) help me ?
Can i mark the packet's so the the webserver can send them back in the
right direction ?
mfG
Wolfi
next reply other threads:[~2003-07-23 21:58 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-07-23 21:58 George Vieira [this message]
2003-07-24 8:24 ` backroute problem Wolfgang Pichler
2003-07-24 11:53 ` Wolfgang Pichler
-- strict thread matches above, loose matches on Subject: below --
2003-07-23 20:03 Wolfgang Pichler
2003-07-23 20:00 Wolfgang Pichler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=09B04A55822EFF4DA48D2E0BB2941D4A15BF94@wardrive.citadelcomputer.com.au \
--to=georgev@citadelcomputer.com.au \
--cc=madmin@dialog-telekom.at \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.