[TriLUG] Routing...once again.

Brian Henning brian at strutmasters.com
Tue Aug 8 08:43:21 EDT 2006

Hi Gang,
   I know y'all are probably tired of hearing me ask about this stuff, 
but for some reason it's just one thing I'm having a heck of a time 
really grasping.  I think it's because I'm missing some fundamental 
understanding, some important piece of info, which is leaving the rest 
of it shaky.  Anyway:

I have a machine (let's call it "bob") with two NICs, on two subnets, 
for argument's sake and  eth0 is on 
.1.0, eth1 is on .10.0.  Both subnets have their own gateways, located 
at .1.1 and .10.1.

Because of certain important services that come in through the gateway 
on the .1.0 subnet (such as SMTP, httpd, ssh, etc.), I need bob's 
default gateway to be .1.1.  However, I really really really want to run 
OpenVPN on bob and have it move traffic solely in and out through the 
.10.1 gateway.  That service on that machine never needs to move a 
single packet out of the default gateway.

I know that that's impossible without some sort of fiddling; even if UDP 
packets come in to OpenVPN via the correct gateway (.10), the responses 
are routed out through the .1 gateway and dropped somewhere along the 
way (or ignored, if they make it all the way back to the client).

I figure it must be doable, though, right?  I shouldn't have to have a 
separate box to provide the exact same services through two different 
gateways, should I?  So what's the magic incantation?  route tricks? 
iptables tricks?  Clever misuse of load-balancing software?  I'm open to 
all suggestions.
Brian A. Henning
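A worked example of the "magic incantation" the post is asking for, added here as an illustration and not part of the original thread: Linux source-based policy routing with iproute2, so that OpenVPN's replies leave through the .10.1 gateway while the main table's default stays at .1.1. It assumes a 192.168 prefix for the two subnets (the post only gives the last octets), that bob's eth1 address is 192.168.10.5, and arbitrary choices of table number 10 and rule priority 100.

```shell
#!/bin/sh
# Source-based policy routing for a dual-homed host (the "bob" of the post):
# replies sourced from eth1's address go out via the .10.1 gateway, while the
# main table's default route stays at .1.1 for SMTP, httpd, ssh and the rest.
set -eu

PREFIX=192.168             # assumption: the post only gives the last octets
ETH1_ADDR="$PREFIX.10.5"   # assumption: bob's address on the .10.0 subnet
ETH1_NET="$PREFIX.10.0/24"
ETH1_GW="$PREFIX.10.1"
TABLE=10                   # arbitrary secondary routing table number
PRIO=100                   # must sort before the "main" rule (priority 32766)

# Print instead of executing when DRY_RUN=1, so the commands can be reviewed
# before they touch a live box.
run() { if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi; }

setup_policy_routing() {
    # Secondary table: the connected route plus a default via the .10 gateway.
    run ip route add "$ETH1_NET" dev eth1 src "$ETH1_ADDR" table "$TABLE"
    run ip route add default via "$ETH1_GW" dev eth1 table "$TABLE"
    # Any packet whose source is eth1's address consults that table first,
    # so OpenVPN replies never reach the main table's .1.1 default route.
    run ip rule add from "$ETH1_ADDR" table "$TABLE" priority "$PRIO"
    run ip route flush cache
}

# OpenVPN must answer from eth1's address for the rule above to match: bind it
# with this directive in its config file (or --local on the command line).
openvpn_bind_directive() { echo "local $ETH1_ADDR"; }

# Inspect the result on a live box; if packets still vanish with the rule in
# place, compare net.ipv4.conf.eth1.rp_filter against the main table's view.
show_policy_routing() {
    ip rule show
    ip route show table "$TABLE"
}

# Usage (as root):  ./policy-route.sh apply            (apply the rules)
#                   DRY_RUN=1 ./policy-route.sh apply  (only print them)
case "${1:-}" in
    apply) setup_policy_routing ;;
    show)  show_policy_routing ;;
esac
```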
