[CentOS] routing with 2 public ips

Mon Dec 28 12:50:48 UTC 2015
Eliezer Croitoru <eliezer at ngtech.co.il>

I still do not understand something.
The thread started with:
i have a server with 2 public ips on 2 devices.

I want the replies to incoming traffic not to use the default 
gateway. Incoming traffic should be answered using the gateway of the 
incoming device.

Could I realize this with firewalld? Or directly with iptables?

Which means he has 1 server with two gateway devices, each of which has its 
own broadcast space\network.
It's not clear to me if there are two gateways in the same 
broadcast\network or not.
If it's on the same network then he must have some routing rules, and the 
issue is not about a specific src address but about a connection.
Now with both of these devices there he has an issue.
He sure needs to use basic routing skills to make it work using some 
metrics if he wants a static routing setup... but when it becomes almost 
asymmetric it is possible to have a "reverse-path" routing situation 
which is because the server has two default gateways and not one.
For this situation he cannot utilize the source address but only the 
source MAC address, unless these 2 devices are some sort of reverse proxies, 
which in that case do not require any routing settings at all and not 
even a default gateway or direct Internet access.

So from what I understood he will need to do some connection marking by 
the MAC address if these two devices are two routers which do NAT.


On 28/12/2015 09:22, Gordon Messmer wrote:
> No, but you don't have to.  In the scenario presented, two links with
> two IP addresses in different broadcast domains, traffic that is sent in
> response to requests received on the second link/IP address will have
> the second IP address in the source address field.  You can use that as
> the rule.
> Remember that Ethernet and IP are separate technologies.  You can make
> routing policies entirely in the IP layer without mixing in Ethernet
> stuff like MAC addresses.
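The source-address policy routing Gordon describes, written out as an added example (not code from either poster or from CentOS): the main table keeps eth0's default route, and eth1 gets its own table plus an `ip rule` keyed on its address, so replies sourced from the second IP leave through the second gateway. Interface names, the table id and all addresses are constructed RFC 5737 documentation values, not anything from the thread.

```shell
#!/bin/sh
# Added example, not from the thread or any CentOS project code.
# Scenario from the question: one server, two public IPs on two interfaces,
# each behind its own gateway. The main table keeps eth0's default route;
# eth1 gets a dedicated table so packets sourced from eth1's address are
# routed via eth1's gateway. All addresses are constructed RFC 5737 values.
set -eu

# Print the iproute2 commands for one secondary link. Arguments:
#   table-id  interface  local-address/prefix  subnet/prefix  gateway
# Nothing is executed here, so the plan can be reviewed before it is applied.
link_policy() {
  tbl=$1 dev=$2 addr=$3 net=$4 gw=$5
  ip=${addr%/*}                                   # bare address, no prefix
  echo "ip route replace $net dev $dev src $ip table $tbl"
  echo "ip route replace default via $gw dev $dev table $tbl"
  # Packets whose source is this link's address consult table $tbl before
  # the main table (priority 32766); all other traffic is unaffected.
  echo "ip rule add from $ip lookup $tbl priority $tbl"
  # Strict rp_filter keeps working: the reverse-path lookup for a packet
  # arriving on this link uses the link's own address as source and so
  # resolves back to this interface through the same rule.
}

# Commands that check the policy on a live host: the route chosen for a
# packet sourced from the second address must name the second interface.
verify_policy() {
  echo "ip rule show"
  echo "ip route show table $1"
  echo "ip route get 192.0.2.1 from $2"
}

# Constructed topology (not from the thread):
#   eth0 203.0.113.10/24 via 203.0.113.1   -> stays in the main table
#   eth1 198.51.100.20/24 via 198.51.100.1 -> table 100
plan=$(link_policy 100 eth1 198.51.100.20/24 198.51.100.0/24 198.51.100.1)

if [ "${APPLY:-0}" = 1 ]; then
  echo "$plan" | sh -eux                # run as root on the server
  verify_policy 100 198.51.100.20 | sh -ex
else
  echo "$plan"                          # dry run: show what would be set
fi
```

The rules and routes set this way do not survive a reboot; on CentOS they would be persisted in `/etc/sysconfig/network-scripts/rule-eth1` and `route-eth1`.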