<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Gordon Messmer wrote:
<blockquote cite="mid:4BE4FE3D.4050908@eburg.com" type="cite">
<pre wrap="">On 05/07/2010 07:26 AM, Jussi Hirvi wrote:
</pre>
<blockquote type="cite">
<pre wrap="">[root@farm1 log]# ip route show
62.236.221.64/28 dev eth0 proto kernel scope link src 62.236.221.67
62.220.237.96/27 dev eth1 proto kernel scope link src 62.220.237.104
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1
169.254.0.0/16 dev eth1 scope link
default via 62.220.237.126 dev eth1
</pre>
</blockquote>
<pre wrap="">
Yeah, so you have two interfaces on different IP networks. When someone
connects to 62.236.221.67, the reply packets will still head out through
62.220.237.126 on eth1. That router probably filters the reply packets
since they're from a non-local IP network.
I'm not sure if there's a simpler way to do this: When I have
multi-homed servers I usually just use Shorewall to create two routing
tables: one with a default route through each outbound router. Packets
are marked based on their source address and routed based on those marks.
</pre>
</blockquote>
<br>
<br>
That can be done with `ip route` and `ip rule` and a few iptables
commands, you don't need Shorewall to do it for you. You got it exactly
right, you mark sockets that are 'to' the 2nd interface to use the
alternate routing table, which specifies the alternate default gateway.<br>
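<br>
The setup described in this thread, as an added example that is not part of the original messages: a shell function that reads the quoted `ip route show` output and prints (without running) the `ip route`, `iptables` and `ip rule` commands for the alternate table. `GW_PLACEHOLDER` (the eth0-side router, which the thread never gives), table `100` and mark `1` are assumptions.

```shell
#!/bin/sh
# Added example: print (not run) the policy-routing commands for a second uplink.
# GW_PLACEHOLDER, table 100 and mark 1 are assumptions, not values from the thread.

# Route table as quoted in the thread.
ROUTES='62.236.221.64/28 dev eth0 proto kernel scope link src 62.236.221.67
62.220.237.96/27 dev eth1 proto kernel scope link src 62.220.237.104
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1
169.254.0.0/16 dev eth1 scope link
default via 62.220.237.126 dev eth1'

# policy_route_cmds SRC_IP GATEWAY TABLE MARK   (reads `ip route show` on stdin)
policy_route_cmds() {
    awk -v src="$1" -v gw="$2" -v tbl="$3" -v mark="$4" '
        # Return the value following a keyword such as "dev" or "src".
        function field(key,   i) {
            for (i = 1; i < NF; i++) if ($i == key) return $(i + 1)
            return ""
        }
        $1 == "default"     { defdev = field("dev") }
        field("src") == src { net = $1; dev = field("dev") }
        END {
            if (dev == "") {
                print "error: no connected route with src " src > "/dev/stderr"
                exit 1
            }
            if (dev == defdev) {
                print "error: " src " already leaves via the default route" > "/dev/stderr"
                exit 1
            }
            # Alternate table: the connected network plus its own default route.
            printf "ip route add %s dev %s src %s table %s\n", net, dev, src, tbl
            printf "ip route add default via %s dev %s table %s\n", gw, dev, tbl
            # Mark locally generated packets by their source address ...
            printf "iptables -t mangle -A OUTPUT -s %s -j MARK --set-mark %s\n", src, mark
            # ... and route marked packets with the alternate table.
            printf "ip rule add fwmark %s table %s\n", mark, tbl
        }'
}

printf '%s\n' "$ROUTES" | policy_route_cmds 62.236.221.67 GW_PLACEHOLDER 100 1
```

The printed commands need root to apply. `ip rule add from 62.236.221.67 table 100` selects the same table by source address without the iptables mark.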
</body>
</html>