[TriLUG] Routing...once again.
brian at strutmasters.com
Tue Aug 8 08:43:21 EDT 2006
I know y'all are probably tired of hearing me ask about this stuff,
but for some reason it's just one thing I'm having a heck of a time
really grasping. I think it's because I'm missing some fundamental
understanding, some important piece of info, which is leaving the rest
of it shaky. Anyway:
I have a machine (let's call it "bob") with two NICs, on two subnets,
for argument's sake 192.168.1.0/24 and 192.168.10.0/24. eth0 is on
.1.0, eth1 is on .10.0. Both subnets have their own gateways, located
at .1.1 and .10.1.
Because of certain important services that come in through the gateway
on the .1.0 subnet (such as SMTP, httpd, ssh, etc.), I need bob's
default gateway to be .1.1. However, I really really really want to run
OpenVPN on bob and have it move traffic solely in and out through the
.10.1 gateway. That service on that machine never needs to move a
single packet out of the default gateway.
I know that that's impossible without some sort of fiddling; even if UDP
packets come in to OpenVPN via the correct gateway (.10), the responses
are routed out through the .1 gateway and dropped somewhere along the
way (or ignored, if they make it all the way back to the client).
I figure it must be doable, though, right? I shouldn't have to have a
separate box to provide the exact same services through two different
gateways, should I? So what's the magic incantation? route tricks?
iptables tricks? Clever misuse of load-balancing software? I'm open to
Brian A. Henning
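The "magic incantation" asked for above is Linux source-based policy routing (iproute2): a second routing table with its own default via .10.1, plus an `ip rule` that sends anything sourced from eth1's address into that table before the main table is consulted. The script below is an added example, not part of Brian's post; it assumes bob's eth1 address is 192.168.10.50 and that routing table number 10 is free (neither is given in the post).

```shell
#!/bin/sh
# Added example (not from the original post): Linux policy routing with
# iproute2 so that packets sent from bob's eth1 address leave through the
# .10.1 gateway while the main table keeps .1.1 as the default.
# Assumptions not stated in the post: eth1 is 192.168.10.50 and routing
# table 10 is unused.
set -eu

ETH1_DEV=eth1
ETH1_ADDR=192.168.10.50     # assumed eth1 address of bob
ETH1_NET=192.168.10.0/24
ETH1_GW=192.168.10.1
TABLE=10                    # assumed free routing-table number
PRIO=100                    # rule priority; lower numbers are checked first

# Emit the plan as plain commands so it can be reviewed (and tested)
# without root. Table 10 needs only the directly connected subnet and its
# own default route; the 'from' rule steers replies carrying eth1's source
# address into table 10, so the main table (default via .1.1) never sees
# them. The 'del' keeps the script idempotent if it is run twice.
policy_route_cmds() {
    cat <<EOF
ip route flush table $TABLE
ip route add $ETH1_NET dev $ETH1_DEV src $ETH1_ADDR table $TABLE
ip route add default via $ETH1_GW dev $ETH1_DEV table $TABLE
ip rule del from $ETH1_ADDR lookup $TABLE priority $PRIO 2>/dev/null || true
ip rule add from $ETH1_ADDR lookup $TABLE priority $PRIO
EOF
}

# Apply the plan (needs root); -x echoes each command as it runs.
apply_policy_routing() {
    policy_route_cmds | sh -ex
}

# Ask the kernel which gateway a packet sourced from eth1's address would
# use for an outside destination (198.51.100.1 is a documentation address,
# chosen only as "somewhere not on either subnet"). Returns non-zero unless
# the answer goes via the .10.1 gateway.
verify_policy_routing() {
    ip route get 198.51.100.1 from "$ETH1_ADDR" | tee /dev/stderr \
        | grep -q "via $ETH1_GW"
}

case "${1:-plan}" in
    plan)  policy_route_cmds ;;
    apply) apply_policy_routing && verify_policy_routing ;;
    *)     echo "usage: $0 [plan|apply]" >&2; exit 2 ;;
esac
```

Run it with no arguments to print the plan, `apply` (as root) to install and check it. The rule only fires when the reply actually carries the eth1 address as its source, so OpenVPN must bind to that address: put `local 192.168.10.50` in the server config (an unbound UDP socket would let the kernel pick the source address from the main table, i.e. eth0's, and the packet would go out .1.1 exactly as described in the post); OpenVPN's `--multihome` option is the alternative for a socket that must stay unbound. Two checks if it still misbehaves: `ip rule show` and `ip route show table 10` should list the rule and the two routes, and if packets arriving on eth1 are being dropped before OpenVPN sees them, look at `/proc/sys/net/ipv4/conf/eth1/rp_filter` and set it to 0 (or 2, loose mode, on kernels that have it).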