On Fri, Mar 04, 2005 at 10:29:41AM -0300, Elton Ramos Carvalho wrote:
Hello,
I have this network diagram....
H.H.H.H
eth0 eth1
Z.Z.Z.Z
(INTERNET) ---------- FIREWALL---------SWITCH---------(DMZ)
where....
eth0 and eth1 are valid IP addresses in different subnets
eth0 X.X.X.X/248 ...firewall and router subnet
eth1 X.X.X.X/240 ....my dmz
H.H.H.H smtp1
Z.Z.Z.Z smtp2
I want...
.....a VIP address that responds to my 2 mail servers (duh)...
.....that my FIREWALL acts as the DIRECTOR but using "direct routing" or
"ip tunneling" (with NAT this works fine).
Is it possible?
I did some tests and when the datagram goes back to the source IP, it stops
at eth1 with a "martian source" error.
I take it the problem here is that your Real Servers are
using the Linux-Director/Firewall as the default gateway.
This works wonderfully with NAT, and is actually a requirement,
but for DR the return packets are discarded by the
Linux-Director/Firewall as they look like martians (packets sent
from the Linux-Director/Firewall via the Linux-Director/Firewall).
Try looking in the HOWTO for some info on martians.
I have never had much success with this myself,
but I believe that it can be made to work.
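To make the martian explanation above concrete, here is a small simulation of the two input-path checks the Linux kernel applies before forwarding a packet: a source address that is local to the host is rejected, and with strict rp_filter the reverse path to the source must lead out of the interface the packet arrived on. It is an added example written for this archive, not code from the thread or from the LVS project; the director's interfaces, the VIP (192.0.2.5), the DMZ real server (198.51.100.2) and the client (203.0.113.7) are constructed addresses, and the model is deliberately simplified (no policy routing, no loose rp_filter mode, no other martian ranges). The first case reproduces what Elton saw: a DR real server whose default gateway is the director sends its reply with the VIP as source, and the director drops it on eth1 because the VIP is one of its own addresses.

```python
"""Simplified model of why LVS-DR replies routed back through the director are
logged as "martian source". Constructed example; addresses are made up."""
import ipaddress
from dataclasses import dataclass


@dataclass
class Route:
    prefix: ipaddress.IPv4Network
    dev: str
    local: bool = False  # True for addresses configured on this host (RTN_LOCAL)


@dataclass
class Host:
    name: str
    routes: list
    rp_filter: bool = True  # net.ipv4.conf.<dev>.rp_filter=1 (strict reverse path)

    def lookup(self, addr):
        """Longest-prefix match, standing in for the kernel's FIB lookup."""
        a = ipaddress.IPv4Address(addr)
        best = None
        for r in self.routes:
            if a in r.prefix and (best is None or r.prefix.prefixlen > best.prefix.prefixlen):
                best = r
        return best

    def receive(self, src, dst, ifname):
        """Checks done on a packet entering on `ifname`, before any forwarding."""
        rs = self.lookup(src)
        # Check 1: a packet claiming to come from one of our own addresses is a martian.
        if rs is not None and rs.local:
            return f"martian: source {src} is a local address of {self.name}"
        # Check 2 (strict rp_filter): the route back to the source must use the ingress interface.
        if self.rp_filter and (rs is None or rs.dev != ifname):
            via = rs.dev if rs is not None else "nowhere"
            return f"martian: reverse path to {src} is via {via}, packet arrived on {ifname}"
        rd = self.lookup(dst)
        if rd is None:
            return f"unreachable: no route to {dst}"
        if rd.local:
            return "deliver locally"
        return f"forward to {dst} via {rd.dev}"


def build_director():
    """Director/firewall from the thread: eth0 towards the router, eth1 towards the DMZ.
    Assumed (constructed) addressing: 192.0.2.0/29 on eth0 with the VIP 192.0.2.5
    configured there, 198.51.100.0/28 on eth1."""
    n = ipaddress.IPv4Network
    return Host("director", [
        Route(n("0.0.0.0/0"), "eth0"),                 # default route towards the Internet
        Route(n("192.0.2.0/29"), "eth0"),              # router/firewall subnet
        Route(n("192.0.2.2/32"), "eth0", local=True),  # director's own eth0 address
        Route(n("192.0.2.5/32"), "eth0", local=True),  # the VIP, held by the director
        Route(n("198.51.100.0/28"), "eth1"),           # DMZ subnet
        Route(n("198.51.100.1/32"), "eth1", local=True),  # director's own eth1 address
    ])


DIRECTOR = build_director()
VIP, CLIENT, SMTP1 = "192.0.2.5", "203.0.113.7", "198.51.100.2"


def demo():
    """Four packets as seen by the director; returns the verdict for each."""
    return {
        # DR real server with the director as default gateway: reply src=VIP hits eth1.
        "dr_reply_via_director": DIRECTOR.receive(VIP, CLIENT, "eth1"),
        # NAT-style reply from the real server's own address: passes and is forwarded.
        "nat_reply_via_director": DIRECTOR.receive(SMTP1, CLIENT, "eth1"),
        # A DMZ source address showing up on the Internet side: rp_filter martian.
        "spoofed_dmz_source_on_eth0": DIRECTOR.receive(SMTP1, CLIENT, "eth0"),
        # Inbound client request to the VIP: accepted and handed to the local stack (IPVS).
        "client_to_vip": DIRECTOR.receive(CLIENT, VIP, "eth0"),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

The fix the reply hints at follows from check 1: with direct routing the real server's reply carries the VIP as its source, so it must leave by a next hop that is not the host holding the VIP, otherwise the director will always classify it as its own address arriving from outside.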