[CentOS] routing with 2 public ips

Wed Dec 30 07:44:05 UTC 2015
Eliezer Croitoru <eliezer at ngtech.co.il>

I may not understood\interpreted the scenario pretty well.
I will try again:
"i have a server with 2 public ips on 2 devices."
He has two servers or two gateways or both??

"I want that the request of incoming traffic dont use the default 
gateway. Incoming traffic sould be answered using the gateway of the 
incoming device "
How to interpret this sentence???
The scenario I can think of is that these servers have more then one 
gateway and in this case it's really unclear to me if the gateways are 
serving the same networks or not.
 From what I understood in this situation he wants to prevent a reverse 
path routing or in another words he wants the connection that comes from 
some host and gateway(which is unknown) to be returned\continued using 
this same gateway.
So it's really unclear(to me) if it's routing includes two gateways for 
the same network and some routing protocol that allows that or another 

In any case since he spoke about "incoming" traffic which to my basic 
and simple understanding means the whole Internet he cannot use basic 
routing settings to do that *unless* he can predict that all incoming 
traffic is going to be from a specific gateway.
Again I understood that he doesn't know which gateway the traffic will 
come from but he wants to preserve the reverse path to them.

If he will bother to clear it out I will continue to respond and if 
not... well it's clear that there are couple possibilities to the 
scenario and I was referring to a specific one.

So in any case I will add that in the past the linux kernel implemented 
a routing cache which was removed somewhere in the 3.X versions and 
while it existed it was so that if someone was contacting a server that 
had this kernel the routing cache was causing a weird scenario which the 
kernel would route traffic using the same gateway as long as the cache 
entry exists.
However in the kernels which this cache was removed a Packet By Packet 
routing decision is being made and unless you can know who are all your 
clients you cannot predict their routing path using a simple static 
linux routing setup and you would be required to choose some other 
I don't know really who Dr Robert Anthony is but his words are true only 
for specific and understood scenarios which I can understand and interpret.
The situation is that I still do not understand it and I tried to answer 
a specific scenario which I think applies to couple of them.

All The Bests,

On 29/12/2015 22:39, Gordon Messmer wrote:
> Now, if you had a host with just one address that was behind two
> different NAT routers, then that would be a configuration that might
> require marking connections based on the MAC address of incoming
> packets, and applying rules based on those marks.  However, such a
> configuration is broken in several different ways, and connection
> marking just digs that hole deeper.  Don't do this.
> At some point, I'd remind you of the advice of Dr Robert Anthony: "“If
> you find a good solution and become attached to it, the solution may
> become your next problem."
> ___________________________________________