On 5/11/2010 8:32 AM, Jussi Hirvi wrote:
>> Jussi Hirvi wrote:
>>> But I have found no mention of this specific dual-bridge
>>> problem I have: that ip traffic goes in ok through any physical nic to
>>> the dom0 or domUs, but all replies are routed to only one nic (the
>>> default gateway). (I verified this with tcpdump.)
>
> On 11.5.2010 16.08, Les Mikesell wrote:
>> That's not xen or bridge related. Unless you do policy-based routing, packets
>> always follow the destination route regardless of where the input was received.
>> That's a feature, not a bug.
>
> Ok. But this error does not occur on my other CentOS 5 box (mailserver,
> non-xen) which also has 2 nics for 2 public ip segments. There input-nic
> is always = outputnic. And I have done nothing special to achieve this
> (pure "linux magic"). That's why I "blame" bridges - they are the most
> notable difference between these two machines.

That doesn't make much (any?) sense. IP traffic is always destination-routed
unless you do something unusual. On the other hand, even if you send out to the
'wrong' internet gateway following your default route, any internet connection
should be able to deliver to any internet destination. Asymmetrical routing is
both permitted and normal, although not necessarily desirable and it may not
make it through stateful firewalls.

-- 
Les Mikesell
lesmikesell at gmail.com
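
Added example (not part of the original thread and not written by either poster): the policy-based routing mentioned above, sketched with iproute2 so that replies leave through the uplink that owns their source address. Interface names, addresses (documentation ranges), gateways and table numbers are all constructed; the script only prints the commands unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example: source-based policy routing for a host with two uplinks.
# eth0/eth1, the 192.0.2.0/24 and 198.51.100.0/24 addresses, the gateways
# and the table numbers 101/102 are constructed placeholders.

# policy_route_cmds DEV ADDR NET GATEWAY TABLE
# Prints the iproute2 commands that make packets sourced from ADDR leave
# through DEV via GATEWAY instead of following the main table's default route.
policy_route_cmds() {
    dev=$1; addr=$2; net=$3; gw=$4; table=$5
    # Connected subnet, so on-link hosts are still reached directly.
    echo "ip route add $net dev $dev src $addr table $table"
    # Default route that applies only inside this uplink's table.
    echo "ip route add default via $gw dev $dev table $table"
    # Rule: consult that table when the packet's source address is ADDR.
    echo "ip rule add from $addr table $table"
}

# Commands for both constructed uplinks.
all_cmds() {
    policy_route_cmds eth0 192.0.2.10 192.0.2.0/24 192.0.2.1 101
    policy_route_cmds eth1 198.51.100.10 198.51.100.0/24 198.51.100.1 102
}

# Dry run by default: print the commands for review.
# APPLY=1 (as root) pipes them to sh, stopping at the first failure.
if [ "${APPLY:-0}" = 1 ]; then
    all_cmds | sh -e
else
    all_cmds
fi
```

Without such rules the kernel picks the outgoing interface from the destination alone, which is the behaviour described in the reply; `ip rule show` and `ip route show table 101` display the result after applying.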