Re: LVS through firewall with IP Tunneling or Direct Routing

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: LVS through firewall with IP Tunneling or Direct Routing
From: Horms <horms@xxxxxxxxxxxx>
Date: Tue, 15 Mar 2005 19:24:50 +0900
On Fri, Mar 04, 2005 at 10:29:41AM -0300, Elton Ramos Carvalho wrote:
> Hello,
> 
> I have this network diagram....
>
>                H.H.H.H
>                            eth0                eth1
>            Z.Z.Z.Z
> (INTERNET) ---------- FIREWALL---------SWITCH---------(DMZ)
> 
> where....
> 
> eth0 and eth1 are valid IP addresses in different subnets
> 
> eth0 X.X.X.X/248  ...firewall and router subnet
> eth1 X.X.X.X/240   ....my dmz
> 
> H.H.H.H smtp1
> Z.Z.Z.Z   smtp2
>
> I want...
> .....a VIP address that responds to my 2 mail servers (duh)...
> .....that my FIREWALL  act as the DIRECTOR but using "direct routing" or 
> "ip tunneling" (with nat this works fine).
>     Is it possible?
>     I did some tests and when the datagram goes back to the source IP, it stops
> at eth1 with a "martian source" error.

I take it the problem here is that your Real Servers are
using the Linux-Director/Firewall as the default gateway.
This works wonderfully with NAT, and is actually a requirement,
but for DR the return packets are discarded by the
Linux-Director/Firewall as they look like martians (packets sent
from the Linux-Director/Firewall via the Linux-Director/Firewall).

Try looking in the HOWTO for some info on martians.
I have never had much success with this myself, 
but I believe that it can be made to work.


-- 
Horms
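As an added check (an example script, not from this thread or the LVS project), the sh snippet below summarises "martian source" entries from kernel log text so an operator can confirm on the director that replies sourced from the VIP are being dropped on the DMZ interface. It assumes martian logging is enabled via the net.ipv4.conf.all.log_martians sysctl; the addresses and log lines are constructed samples.

```shell
#!/bin/sh
# Added example, not from the original thread. Summarises "martian source"
# drops from kernel log text so an LVS-DR operator can confirm that return
# traffic from the real servers is being discarded by the director.
# Kernel message format: "martian source <dst> from <src>, on dev <if>".
# Logging must be on:  sysctl -w net.ipv4.conf.all.log_martians=1
# (needs root; not run here).

# Constructed sample log lines. VIP 192.0.2.10, clients 198.51.100.7 and
# 203.0.113.9, and a stray private-source packet on eth0 are all made up.
SAMPLE_LOG='kernel: martian source 198.51.100.7 from 192.0.2.10, on dev eth1
kernel: martian source 198.51.100.7 from 192.0.2.10, on dev eth1
kernel: martian source 203.0.113.9 from 192.0.2.10, on dev eth1
kernel: martian source 192.0.2.1 from 10.0.0.5, on dev eth0
kernel: eth0: link up'

# Read log text on stdin; print "count src_addr dev" per distinct
# (source address, interface) pair, most frequent first.
summarize_martians() {
    awk '/martian source/ {
            for (i = 1; i <= NF; i++) {
                if ($i == "from") src = $(i + 1)
                if ($i == "dev")  dev = $(i + 1)
            }
            sub(/,$/, "", src)      # strip the trailing comma after <src>
            n[src " " dev]++
        }
        END { for (k in n) print n[k], k }' | sort -rn
}

# Exit 0 if any martian with the given source address was logged on the
# given interface: replies carrying the VIP as source dying on that NIC
# is exactly the DR-behind-director symptom described in the thread.
vip_martians_present() {
    printf '%s\n' "$SAMPLE_LOG" | summarize_martians |
        awk -v v="$1" -v d="$2" '$2 == v && $3 == d { found = 1 }
                                  END { exit !found }'
}
```

On a live director, replace the sample with `dmesg | summarize_martians` and look for the VIP as the "from" address on the DMZ-facing interface.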
