Again two ADSL lines, routing problems

[Henri Hennebert]

Andrea Venturoli wrote:
> Hello.
> I have a setup where a FreeBSD box is connected to two ADSL routers: 
> default gateway is set to the first and, in case of failure, is moved to 
> the other one. This works perfectly for outgoing connections: in the 
> event of the switch, I'll have to reconnect, but that's acceptable.
> 
> The problem is in the incoming connections: if I get one on the "backup" 
> router, this will reach the server, which will however answer through 
> its "default" router. Thus the remote client will see packets coming 
> back from a different host and things won't work.
> Just to be clear, the packets travel as follows (with source and dest IP 
> in brackets):
> Client (x.x.x.x) -> Backup router (y.y.y.y)
> Backup router (x.x.x.x) -> Server (z.z.z.z)
> Server (z.z.z.z) -> Default router (x.x.x.x)
> Default router (v.v.v.v) -> Client (x.x.x.x)
> 
> So the client (x.x.x.x) connects to y.y.y.y (the backup ADSL public IP), 
> but gets answers from v.v.v.v (the master ADSL public IP).
> 
> 
> AFAIK there is no solution to this, but I tought I'd ask before giving 
> my official opinion to my customer.
> Perhaps there's some sort of hack we could use, that through 
> ipfw/natd/other diverting daemon/whatever delivers answers based on the 
> MAC address of the incoming connections (if the MAC address belongs to 
> the backup router, use that for answers)... does anyone know?

I would propose a nat on the internal interface on the backup router for 
all incomming trafic -- with pf:

nat on $int_if proto tcp from !192.168.0.0/16 to $internal_server -> $int_if

so the internal server see trafic comming from the backup router and the 
response go back this way.

Henri
> 
>  bye & Thanks
>     av.
> _______________________________________________
> freebsd-net at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe at freebsd.org"