Grant Edwards wrote:
I don't understand why I have to do NAT. Can you explain why?
(Or point me to docs that explain why?)
router01.your.network.com
eth0 - 10.11.12.1
eth1 - 24.1.2.231 - Comcast
eth2 - 64.1.2.132 - Speakeasy
Naturally RFC 1918 space is useless outside your network, so you have to
NAT. However, you need to make sure that you are making your policy
routing decisions at eth0. You don't want traffic marked as originating
from 24.1.2.231 going out eth2, since Speakeasy could (and should) drop
traffic that is not originating from its IP space. Additionally, traffic
will be routed back to you via the Comcast connection, resulting in
asymmetric routing, which can increase the chances of packets arriving
out of order.
router01.your.network.com
eth0 - 24.2.3.1/29
eth0 - 64.2.3.1/29
eth1 - 24.1.2.231 - Comcast
eth2 - 64.1.2.132 - Speakeasy
Same case with this setup, even with real IPs. The chances of convincing
any ISP to accept routes smaller than a /24 from you are tiny. And anyone
who even knows what you want to do, even when you have the IP space, is
pretty much non-existent. I know, I've tried. Same thing in this case:
you'll NAT at eth1 and eth2 and policy route at eth0.
If you are doing this from a single machine with two IPs and no other
networks or interfaces, it should just work. Linux should use the IP of
the interface the packet leaves from, but I'd use tcpdump to make sure.
kashani
--
gentoo-user@lists.gentoo.org mailing list
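The following is an added example, not code from the thread or from either poster, showing what "NAT at eth1 and eth2, policy route at eth0" looks like in iproute2 and iptables terms for the first setup quoted above (LAN on eth0 in 10.11.12.0/24, Comcast on eth1 as 24.1.2.231, Speakeasy on eth2 as 64.1.2.132). The ISP gateway addresses (24.1.2.1, 64.1.2.1), the routing table numbers (101, 102) and the split of the LAN into two /25 halves are assumptions made for the example; the thread gives none of them. With DRY_RUN=1 (the default) the script only prints the commands it would run.

```shell
#!/bin/sh
# Added example: two-uplink Linux router with the policy-routing decision
# taken on LAN traffic entering eth0 and SNAT applied per uplink.
# Addresses follow the setup quoted in the thread; the ISP gateways, the
# table numbers and the /25 split are ASSUMED for illustration.
# With DRY_RUN=1 (the default) commands are printed instead of executed.

LAN_IF=eth0;  LAN_NET=10.11.12.0/24
ISP1_IF=eth1; ISP1_IP=24.1.2.231; ISP1_GW=24.1.2.1; ISP1_TABLE=101   # Comcast
ISP2_IF=eth2; ISP2_IP=64.1.2.132; ISP2_GW=64.1.2.1; ISP2_TABLE=102   # Speakeasy

# Print the command in dry-run mode, execute it otherwise.
run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# One routing table per uplink holding only that ISP's default route, plus a
# rule that sends packets *sourced from* the uplink's own address through it.
# Replies to connections that arrived via Comcast therefore leave via Comcast
# again, instead of exiting eth2 with a 24.1.2.231 source that Speakeasy may
# drop (and that would otherwise produce the asymmetric return path).
uplink_table() {   # uplink_table IF IP GW TABLE
    run ip route add default via "$3" dev "$1" table "$4"
    run ip route add "$LAN_NET" dev "$LAN_IF" table "$4"
    run ip rule add from "$2" lookup "$4"
}

# The policy decision for LAN clients, made on the private source address as
# the packet comes in on eth0: here each half of the LAN is pinned to one
# uplink. Routing runs before SNAT rewrites the source in POSTROUTING, so
# matching on the 10.11.12.x address is exactly what we want.
lan_policy() {
    run ip rule add from 10.11.12.0/25 lookup "$ISP1_TABLE"
    run ip rule add from 10.11.12.128/25 lookup "$ISP2_TABLE"
}

# RFC 1918 sources are rewritten to the address of the uplink the packet
# actually leaves on, so each ISP only ever sees traffic from its own space.
uplink_nat() {
    run iptables -t nat -A POSTROUTING -s "$LAN_NET" -o "$ISP1_IF" -j SNAT --to-source "$ISP1_IP"
    run iptables -t nat -A POSTROUTING -s "$LAN_NET" -o "$ISP2_IF" -j SNAT --to-source "$ISP2_IP"
}

# The tcpdump check suggested in the thread: watch each uplink for packets
# carrying the *other* ISP's source address. A correct setup shows none.
verify_hint() {
    run tcpdump -ni "$ISP2_IF" src host "$ISP1_IP"
    run tcpdump -ni "$ISP1_IF" src host "$ISP2_IP"
}

multihome_config() {
    run sysctl -w net.ipv4.ip_forward=1
    uplink_table "$ISP1_IF" "$ISP1_IP" "$ISP1_GW" "$ISP1_TABLE"
    uplink_table "$ISP2_IF" "$ISP2_IP" "$ISP2_GW" "$ISP2_TABLE"
    lan_policy
    uplink_nat
    run ip route flush cache   # only matters on older kernels with a route cache
}

multihome_config
verify_hint
```

Run it as root with DRY_RUN=0 to apply the rules. Two things to keep in mind on a multi-homed box: strict reverse-path filtering (net.ipv4.conf.*.rp_filter=1) can drop legitimate packets when the return route differs from the ingress interface, so loose mode (2) or per-interface tuning is usually needed; and the main table still needs a default route (via whichever uplink you prefer) for traffic that matches none of the ip rules, such as packets the router itself originates.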