Firewall Wizards mailing list archives

Suggestions Please: 2 ISPs, forward traffic into single server on private network - 3 interface gateway


From: "Jake L. Wegman" <jake () ultrex com>
Date: Tue, 29 Jan 2002 11:54:47 -0600

Good afternoon gentlemen,

        I am beginning a project to construct a firewall / gateway using an
open source platform such as Linux or *BSD and as such, I am soliciting
suggestions.  The primary goal of this gateway will be to forward tcp traffic
(dport 1327) from two Internet connections to dport 1327 on a server behind
the gateway (private network).

The first attempt used Linux 2.4.x using IPTABLES 1.2.4.

eth0    LAN [private]
eth1    SDSL [Internet]
eth2    CABLE [Internet]

I would like tcp port 1327 traffic from either eth1 or eth2 to be forwarded
to a server on the eth0 segment with the appropriate responses traversing
back through the originating interface.

The default route for the gateway was eth1.  When sending tcp 1327 to eth1's
IP, it would correctly connect with the server on the eth0 segment.  However
when sending tcp 1327 to eth2's IP, the return traffic would be sent to the
default route on eth1 breaking / negating the connection.

When the default route was swapped to eth2 we were able to connect with
eth2's IP, however the problem appeared when attempting to connect with
eth1.

The connection tracking was using the default route regardless of the
incoming interface.  Routing as of now is not one of my strong points.
Would IPROUTE2 correct this issue?  Marking the packets as they traverse the
filter?

The second attempt was FreeBSD, however natd (uses divert socket) will only
bind to one interface / address - if this is incorrect, please assist in
directing me to the appropriate resources.

Bottom line, if you have been in this situation and have found a solution,
please let me know.  I will consider any open source operating system
platform.  The load of the traffic will be no more than 1 Mbit.

Thank you
Jake

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards
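An added example, not part of the original post, of the approach the question raises: marking each connection by the uplink it arrived on and using iproute2 policy routing so the replies leave through that same uplink rather than the single default route. It assumes the interface roles from the post, constructed RFC 5737 addresses, and an iptables build with the CONNMARK target (on 2.4-era kernels this came from patch-o-matic; later kernels include it).

```shell
#!/bin/sh
# Three-interface Linux gateway: route replies back out the uplink a connection
# arrived on, using iptables connection marks plus iproute2 policy routing.
# Addresses below are constructed for this example; substitute the real ones.
LAN_IF=eth0;   SERVER=192.168.1.10
SDSL_IF=eth1;  SDSL_IP=203.0.113.2;   SDSL_GW=203.0.113.1
CABLE_IF=eth2; CABLE_IP=198.51.100.2; CABLE_GW=198.51.100.1
PORT=1327

# DRY_RUN=1 (default) prints each command instead of executing it, so the
# configuration can be reviewed before running it as root on the gateway.
run() { if [ "${DRY_RUN:-1}" = 1 ]; then echo "$*"; else "$@"; fi; }

setup_policy_routing() {
  run sysctl -w net.ipv4.ip_forward=1

  # One routing table per uplink, each with that uplink's default gateway.
  run ip route add default via "$SDSL_GW" dev "$SDSL_IF" table 101
  run ip route add default via "$CABLE_GW" dev "$CABLE_IF" table 102
  # Traffic the gateway itself sends from an uplink address uses that uplink.
  run ip rule add from "$SDSL_IP" table 101
  run ip rule add from "$CABLE_IP" table 102
  # Forwarded replies carrying mark 1 or 2 (set below) use the matching table
  # instead of the main table's single default route.
  run ip rule add fwmark 1 table 101
  run ip rule add fwmark 2 table 102
  run ip route flush cache

  # Forward the service port from either uplink to the LAN server (same port).
  run iptables -t nat -A PREROUTING -i "$SDSL_IF" -p tcp --dport "$PORT" \
      -j DNAT --to-destination "$SERVER"
  run iptables -t nat -A PREROUTING -i "$CABLE_IF" -p tcp --dport "$PORT" \
      -j DNAT --to-destination "$SERVER"

  # Record on each connection which uplink it arrived on. mangle PREROUTING
  # runs before nat PREROUTING, so --dport still sees the original port.
  run iptables -t mangle -A PREROUTING -i "$SDSL_IF" -p tcp --dport "$PORT" \
      -j CONNMARK --set-mark 1
  run iptables -t mangle -A PREROUTING -i "$CABLE_IF" -p tcp --dport "$PORT" \
      -j CONNMARK --set-mark 2
  # Replies from the server still carry the private source address when the
  # routing decision is made (the reverse DNAT is applied after routing), so
  # copy the connection mark onto them; the fwmark rules then pick the table.
  run iptables -t mangle -A PREROUTING -i "$LAN_IF" -j CONNMARK --restore-mark
}

setup_policy_routing
```

Run with DRY_RUN=0 as root to apply; a quick check afterwards is `ip rule show` and `ip route show table 102`, which should list the cable uplink's default route.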

