Jussi Hirvi wrote:
On 10.5.2010 15.48, Les Mikesell wrote:
How do you handle the default route on the 'connect to both' guests? Normally you only want one default gateway and it should be the same one where the connections are coming in. Otherwise you have to do some very tricky things to make return packets go back the same path they came in, although asymmetrical routes are supposed to work if you don't have NAT or stateful firewalls in the way.
On that dual-network xen-guest, I don't handle the routing in any special way. Now only one nw connection works (because of these routing problems), but if they would both work, packets still might leave from only one interface (default route). I don't see why this would be a problem, though, even if it may not be very elegant.
A) it could saturate the outbound on one link while leaving the other empty
B) the ISP on link 1 might not forward outbound packets that are 'from' an IP on a different subnet
NAT'ing two different blocks is semi-ugly, and requires diving into `ip rule add` and `ip route add`... something like...
[after setting up network 1 the 'normal' way, we add these rules for network 2...]
NET2=xxx.yyy.zzz.www/26
NET2GWY=xxx.yyy.zzz.wwx
ip rule add from $NET2 table 200
ip route add default via $NET2GWY dev eth1 table 200
ip route flush cache
so... any packet that's 'from' the subnet $NET2 is tagged to use ip routing table '200' (quite arbitrary), and in turn route table 200 specifies a different default gateway.
I dunno any better way to do this. Also, if you have DMZ hosts you specifically want to bind to the $NET2, you can add source rules for their NAT IP to force them to use the 2nd interface.
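The source-based policy routing described above, written out as an added example (not code from anyone in this thread): a helper that generates the `ip rule` / `ip route` commands for the second block, with an on-link route added to the alternate table as well, and a dry-run wrapper. The addresses, interface name and table number are constructed placeholders.

```shell
#!/bin/sh
# Added example: make replies to traffic that arrived on the second ISP's
# block leave through that ISP's gateway instead of the main default route.
NET2=203.0.113.64/26      # constructed placeholder: second ISP's block
NET2GWY=203.0.113.65      # constructed placeholder: gateway on that block
NET2DEV=eth1              # assumed interface carrying the second block
NET2TABLE=200             # arbitrary routing table id, as in the thread

# Print the commands for one block; arguments: net gateway device table.
policy_route_cmds() {
    net=$1; gw=$2; dev=$3; table=$4
    # On-link route for the block inside the alternate table, so hosts on
    # the same subnet (and the gateway itself) are reachable from it.
    echo "ip route add $net dev $dev table $table"
    # Default route for that table via the second ISP's gateway.
    echo "ip route add default via $gw dev $dev table $table"
    # Any packet sourced from the block consults the alternate table first;
    # an explicit priority keeps the rule ahead of the main table lookup.
    echo "ip rule add from $net table $table priority 1000"
    # Routing cache must be flushed for the new rule to take effect.
    echo "ip route flush cache"
}

# Run the commands (needs root), or only print them when DRYRUN is set.
apply_policy_route() {
    policy_route_cmds "$@" | while IFS= read -r cmd; do
        if [ -n "$DRYRUN" ]; then printf '%s\n' "$cmd"; else $cmd; fi
    done
}

# Usage: show what would be applied for the constructed second block.
DRYRUN=1 apply_policy_route "$NET2" "$NET2GWY" "$NET2DEV" "$NET2TABLE"
```

Hosts that must always answer via the second link get the same treatment with their own address in place of the block, e.g. an additional `ip rule add from <host-ip> table 200` rule.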