Re: policy routing
Cenk Hasirlioglu <cenkh@efes.net.tr> writes:
> Packets are sent by dialup terminals (at the end of the
> FIGURE below). Cisco routers on the way have their own
> different "default gateway"s but "next-hop" policies send
> packets to linux. Also linux sends packets to 7206
> (212.174.112.18, top of the FIGURE) by iproute settings.
> 7206 can distribute local packets but it cannot send other
> packets to Internet.
Are you sure that the configuration of the 7206 would let it forward packets
from the other network? Perhaps it only knows about its attached network
(212.174.112/?) and it is refusing to let out packets whose source address is
from the 212.174.232.0/24 network?
Your situation sounds a little more complicated than mine. I have a single
firewall with a private IP DMZ. Real IPs from each of the attached networks
are assigned to the firewall, ports are forwarded as needed and the ip rules
dictate that traffic from a given internal server be masqueraded as a
specific IP and routed out a specific gateway. In all cases the default
route is a single hop.
--
fraser campbell <fraser@starnix.com> starnix inc.
tollfree: (905) 771-0017 thornhill, ontario, canada
http://www.starnix.com/ professional linux services & products
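
The single-firewall setup described in the reply above (per-server source rule, dedicated gateway, masquerade as one real IP) can be sketched as follows. This is an added example, not part of the original message; the function name, interface name, table number and all addresses are constructed (documentation ranges), and the script only prints the commands rather than applying them.

```shell
#!/bin/sh
# Added example: print (do not execute) the iproute2/iptables commands for
# one source-based policy route with matching SNAT. All values passed in
# below are constructed placeholders, not taken from the thread.

# policy_cmds SERVER_IP PUBLIC_IP GATEWAY OUT_IF TABLE_ID
policy_cmds() {
    server=$1; public=$2; gw=$3; oif=$4; table=$5

    # Refuse incomplete input rather than emit half a rule set.
    for v in "$server" "$public" "$gw" "$oif" "$table"; do
        [ -n "$v" ] || { echo "missing argument" >&2; return 1; }
    done
    # The table id must be numeric (it is also used to derive the priority).
    case $table in
        *[!0-9]*) echo "table id must be numeric" >&2; return 1 ;;
    esac

    # 1. A dedicated routing table whose only default route is the
    #    single-hop gateway chosen for this server.
    echo "ip route add default via $gw dev $oif table $table"

    # 2. Packets sourced from the internal (private) server consult that
    #    table. The routing decision happens before POSTROUTING, so the
    #    rule matches the private address, not the translated one.
    echo "ip rule add from $server lookup $table priority $((1000 + table))"

    # 3. Rewrite the source to the real IP that belongs to this uplink, so
    #    the upstream router sees a source from its own attached network.
    echo "iptables -t nat -A POSTROUTING -s $server -o $oif -j SNAT --to-source $public"
}

# Constructed sample: DMZ host 192.168.10.5 leaves via uplink eth1.
policy_cmds 192.168.10.5 198.51.100.10 198.51.100.1 eth1 101
```

Review the printed commands, then run them as root; `ip rule show` and `ip route show table 101` confirm the result.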