[CentOS] routing with 2 public ips
Gordon Messmer
gordon.messmer at gmail.com
Tue Dec 29 20:39:04 UTC 2015
On 12/29/2015 07:18 AM, Eliezer Croitoru wrote:
> ... Basic 1:1 NAT ... you have two gateways while you have two ip
> addresses or one on the interface.
> Just to illustrate the issue: AWS instance with two interfaces which
> have two ip addresses NATTED to them by AWS front tier using some kind
> of virtual gateway.
I'm struggling to understand what you meant when you said that the
destination is the gateway. If you just mean that the traffic is NATed,
then again, I was not assuming that in any of my explanations.
A host with two addresses and two NAT gateways would apply routing
policy just like one that isn't behind NAT gateways. In that
configuration, NAT isn't relevant.
Now, if you had a host with just one address that was behind two
different NAT routers, then that would be a configuration that might
require marking connections based on the MAC address of incoming
packets, and applying rules based on those marks. However, such a
configuration is broken in several different ways, and connection
marking just digs that hole deeper. Don't do this.
At some point, I'd remind you of the advice of Dr Robert Anthony: "If
you find a good solution and become attached to it, the solution may
become your next problem."