using 2 net connections/ how to properly route

  • using 2 net connections/ how to properly route

    sorry for the crappy title, but i don't know what to call this thread.

    i have a linux server that handles the child support services for my county. even though the box resides in my org, it also belongs to another org's network.

    picture this...



    so maybe from my crappy illustration, you can see the problem. the box already has one NAT on the firewall... when i request a web page, the packets go out the firewall marked for delivery to 10.199.xx.y5, but when the reply comes back to that interface, there is no 10.199.xx.yy on that port. the '10' address that the box has as a virtual IP is not globally routable, and therefore cannot be delivered...

    so what do you do for a situation like this? i am not a networking wizard, and my network guy is somewhat puzzled as to the fix.

    are any of these options applicable to my situation?
    1. connect the box directly to the router and skip the firewall altogether. create a VIP on the 192.168.xx.yy network and don't NAT the 10.199.xx.yy at all. this sounds feasible, but that is one hell of a cable run. the dmark/router for the '10' comes in on the 2nd floor and this server is over 500m away...
    2. can i assign a second NIC a second VIP and then separate traffic at the OS level? say, 'your internet traffic goes out eth0, the data with a 10 prefix is going out eth1.'?

    surely someone has a similar situation... i would like to know how they accomplished this?

    thank you guys.

    James

    ***EDIT***
    The firewall is a Nokia Checkpoint, if that helps any...
    Thanks.
    Last edited by James Haynes; 20th September 2007, 15:39. Reason: added appliance brand...
    its easier to beg forgiveness than ask permission.
    Give karma where karma is due...

  • #2
    Re: using 2 net connections/ how to properly route

    i hate it when i make a long post and then figure it out myself...

    the second scenario worked out alright. i have a few extra options with the linux network interface...

    the second card was set up on a separate vlan that is used by the blade center. this gave me a second gateway that wasn't NAT'ed and i was then able to route all internet traffic thru the secondary interface (eth1)

    if any mod wants to, they can delete this thread.

    sorry to waste anyone's time.

    thanks,
    James
    its easier to beg forgiveness than ask permission.
    Give karma where karma is due...
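
Added example, not part of James's post or his actual configuration: one way to express the split described in #2 with iproute2, keeping the other org's '10' traffic on eth0 and sending everything else out the non-NAT'ed gateway on eth1. All addresses and gateways are constructed placeholders, the eth0/eth1 roles are assumed from the post, and the `ip_forward=0` line is an addition so the dual-homed box does not forward packets between the two organisations' networks.

```shell
#!/bin/sh
# Added example: split routing on a dual-homed Linux host.
# Every address below is a constructed placeholder, not a value from the thread.
PARTNER_NET="10.0.0.0/8"      # assumed: the other org's '10' network
PARTNER_GW="192.0.2.1"        # assumed: next hop on the firewall side (eth0)
PARTNER_IF="eth0"
INET_GW="198.51.100.1"        # assumed: non-NAT'ed gateway on the second VLAN
INET_IF="eth1"

# Print the commands that implement the split. Nothing is changed here.
plan_routes() {
    # More-specific route wins: partner traffic stays on the first interface.
    echo "ip route replace $PARTNER_NET via $PARTNER_GW dev $PARTNER_IF"
    # Default route: all other (internet) traffic leaves via the second NIC.
    echo "ip route replace default via $INET_GW dev $INET_IF"
    # The host is an endpoint on both networks, not a router between them.
    echo "sysctl -w net.ipv4.ip_forward=0"
}

# Apply the plan line by line (needs root); stop at the first failure.
apply_routes() {
    plan_routes | while read -r cmd; do
        $cmd || exit 1
    done
}

# After applying, confirm which interface the kernel picks for a destination.
#   check_route 10.1.2.3 eth0        (partner side)
#   check_route 203.0.113.10 eth1    (internet side)
check_route() {
    ip route get "$1" | grep -q "dev $2"
}

# Only touch the routing table when explicitly asked to.
if [ "${APPLY_ROUTES:-0}" = "1" ]; then
    apply_routes
fi
```

Run it as-is to load the functions without changing anything, call `plan_routes` to review the commands, and set `APPLY_ROUTES=1` as root to apply them.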



    • #3
      Re: using 2 net connections/ how to properly route

      No time wasted. Someone else will find this useful in the future. You probably figured it out by taking the time to think about your setup and what needed doing when you were typing the post. So, no time wasted and it only took you 50 odd minutes to figure out the solution. Well done. (It is a shame you can't give yourself Rep Points.)
      1 1 was a racehorse.
      2 2 was 1 2.
      1 1 1 1 race 1 day,
      2 2 1 1 2
