[CentOS] routing with 2 public ips

Tue Dec 29 20:39:04 UTC 2015
Gordon Messmer <gordon.messmer at gmail.com>

On 12/29/2015 07:18 AM, Eliezer Croitoru wrote:
> ... Basic 1:1 NAT ... you have two gateways while you have two ip 
> addresses or one on the interface.
> Just to illustrate the issue: AWS instance with two interfaces which 
> have two ip addresses NATTED to them by AWS front tier using some kind 
> of virtual gateway.

I'm struggling to understand what you meant when you said that the 
destination is the gateway.  If you just mean that the traffic is NATed, 
then again, I was not assuming that in any of my explanations.

A host with two addresses and two NAT gateways would apply routing 
policy just like one that isn't behind NAT gateways.  In that 
configuration, NAT isn't relevant.

Now, if you had a host with just one address that was behind two 
different NAT routers, then that would be a configuration that might 
require marking connections based on the MAC address of incoming 
packets, and applying rules based on those marks.  However, such a 
configuration is broken in several different ways, and connection 
marking just digs that hole deeper.  Don't do this.

At some point, I'd remind you of the advice of Dr Robert Anthony: "If 
you find a good solution and become attached to it, the solution may 
become your next problem."
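
For the two-address case described in the message above (two addresses, two gateways, no NAT awareness needed), here is what that routing policy looks like on a CentOS host with iproute2. This is an added example for the thread, not commands posted by anyone in it; the interface names, addresses, gateways and table numbers are made up, and the script prints the commands unless DRY_RUN=0 because applying them needs root and real interfaces.

```shell
#!/usr/bin/env bash
# Source-based policy routing for a host with two public addresses, each
# reachable through its own gateway. Added example for this thread, not the
# poster's own commands; interfaces, addresses and table numbers are made up.
set -eu

# Print the command instead of running it unless DRY_RUN=0. Applying the
# rules needs root and real interfaces; the dry run lets you review them.
run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Give one address its own routing table so that traffic sourced from it
# leaves via the matching gateway rather than the main table's default.
# Arguments: interface address/prefix gateway table-id
policy_route() {
    local dev=$1 addr=$2 gw=$3 table=$4
    local ip=${addr%%/*}    # the rule matches the bare source address
    # Per-table default route; 'replace' keeps this step idempotent.
    run ip route replace default via "$gw" dev "$dev" table "$table"
    # Source-address rule selecting that table. The priority is below the
    # default 32766 "main" lookup, so it is consulted first. Note that
    # 'ip rule add' is not idempotent: re-running adds a duplicate rule.
    run ip rule add from "$ip" lookup "$table" priority $((10000 + table))
}

# Ask the kernel which gateway it would use for a packet sourced from a
# given local address; the 'via' in the output should be that address's gateway.
check_route() {
    local src=$1 dst=$2
    run ip route get "$dst" from "$src"
}

# Constructed example: two interfaces, two public addresses, two gateways.
policy_route eth0 203.0.113.10/24 203.0.113.1 100
policy_route eth1 198.51.100.10/24 198.51.100.1 101
check_route 203.0.113.10 192.0.2.1
check_route 198.51.100.10 192.0.2.1
```

Run with DRY_RUN=0 as root to apply, then `ip rule show` and the two `ip route get` lines confirm that replies from each address go out via its own gateway. Rules added this way do not survive a reboot; on CentOS the equivalent persistent form is the `route-<ifname>` and `rule-<ifname>` files under /etc/sysconfig/network-scripts/.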