New Zealand ADSL Mailing List


RE: Two ISPs, two static IPs and two servers

From: Robert McDonald <rob_at_nzpages.net>
Date: Thu, 2 Sep 2004 18:30:35 +1200 (NZST)
Message-ID: <48626.203.167.245.16.1094106635.squirrel@127.0.0.1>

Reverse Proxy or Source Natting.

Everything on either of the connections gets Pinholed as normal, but
instead of going direct to the servers, it goes to a new Linux box.

That Linux box does source Natting, and forwards to the applicable server.

The downside to this is that every request sent to the servers will
appear as though it is coming from the IP address of the LinuxSourceNat box.

I have done this before, but the box that has it on has just been pulled
out and is about to be couriered back to Auckland so I can't steal the
iptables script. I won't embarrass myself by trying to write it again, it
would probably be wrong.

Cheers

Rob

> Sorry for not replying to the list (slaps head), been in Ctrl R, Type, Send
> Mode all day.
>
> I don't know that there is a way around it. We have a similar setup at work
> (Wired Country and ihug). Same situation except we're publishing mail/https.
> You do need to route the outgoing connection through the ip/connection it
> came in on.
>
> Unless you had some form of router/proxy behind both connections and then
> that goes to your lan. Though that would be getting a little beyond my
> depth, so I'll leave it to the rest of the capable minds on this list.
>
> Cheers,
> -Jeff
>
> -----Original Message-----
> From: owner-adsl@unixathome.org [mailto:owner-adsl@unixathome.org] On Behalf Of Tony Paterson
> Sent: Tuesday, 31 August 2004 6:34 p.m.
> To: Mailing List ADSL (E-mail)
> Subject: RE: Two ISPs, two static IPs and two servers
>
>
>
> That is exactly how I see the problem, I have an idea on how to get around
> it in this situation, but all my other ideas have not panned out so any
> suggestions welcome.
>
> Thanks
>
> -----Original Message-----
> From: Jeff McLuckie [mailto:wasabi2k@paradise.net.nz]
> Sent: Tuesday, 31 August 2004 6:25 p.m.
> To: Tony Paterson
> Subject: RE: Two ISPs, two static IPs and two servers
>
>
> As far as I know you can't have a box going out through a different gateway
> than the request came in, or the client receives an ack from an ip it never
> sent a syn to, hence no connection.
>
> The connection has to go in and out through the same gateway
>
> -----Original Message-----
> From: owner-adsl@unixathome.org [mailto:owner-adsl@unixathome.org] On Behalf Of Tony Paterson
> Sent: Tuesday, 31 August 2004 7:48 a.m.
> To: Mailing List ADSL (E-mail)
> Subject: Two ISPs, two static IPs and two servers
>
> Hi,
>
> My head's been running round in circles on this and just wanted to make sure
> that I was looking at it the right way.
>
> We already have a full rate JetStream connection and have just added Wired
> Country in order to get a second static IP and some redundancy.
>
>
> Current config:
>
> SonicWall FireWall/VPN
> - WAN, LAN and DMZ connections
>
> JetStream (Full rate)
> - Static IP
> - Nokia M1122
> - WAN side of SonicWall
> - HTTP/SSH etc point to Linux box
>
> WiredCountry
> - Static IP
> - DLink router
> - WAN side of SonicWall
>
> Linux Server
> - Using IPTables for routing
> - CVS, Apache etc
> - WAN side of SonicWall
>
> Windows Server
> - HTTPS
> - LAN side of SonicWall
>
>
> Problem:
> The default gateway for the linux box is the JetStream connection, and the
> default gateway for the SonicWall is also the JetStream connection. This
> scenario has been working fine.
>
> If I put a web server on the WAN side of the SonicWall and set its default
> gateway to the DLink/WiredCountry connection and set it up as a "Virtual
> Server"/NAT it works fine and is accessible from the Internet. If I create
> another "Virtual Server" on the WiredCountry/DLink connection, which points
> to the linux box, it's not accessible from the Internet, and the same is
> true if I create a "Virtual Server" which points to a port on the SonicWall.
>
> My thinking is that this is all related to Default Gateways and I may need
> to setup another linux box to do NAT/masquerading etc.
>
> Basically I want to be able to point "Virtual Servers"/NAT from both
> JetStream and WiredCountry to the linux box - am I looking at this
> all wrong?
>
> Any suggestions/ideas appreciated.
>
> Yours Tony P
>
> --
> This message is part of the NZ ADSL mailing list.
> see http://unixathome.org/adsl/ for archives, FAQ,
> and various documents.
> To unsubscribe: send mail to majordomo@lists.unixathome.org
> with "unsubscribe adsl" in the body of the message
>

Received on Thu Sep 2 18:43:32 2004
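
The forwarding described in the message above (pinholed traffic arrives at a Linux box, which source-NATs it and passes it to the server), as an added example that is not part of the original post or any poster's script: a shell function that prints an iptables-restore ruleset. The addresses 192.0.2.10 (relay) and 192.0.2.20 (server), the ports, and the name `gen_relay_rules` are assumptions for illustration.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for a source-NAT relay box.
# Addresses and ports are constructed placeholders, not values from the thread.
# Also needed on the relay: sysctl -w net.ipv4.ip_forward=1

# gen_relay_rules RELAY_IP SERVER_IP PORT [PORT...]
gen_relay_rules() {
    [ "$#" -ge 3 ] || { echo "usage: gen_relay_rules RELAY_IP SERVER_IP PORT..." >&2; return 2; }
    relay_ip=$1; server_ip=$2; shift 2
    # Validate every port first so a bad argument never yields a partial ruleset.
    for port in "$@"; do
        case $port in
            ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
        esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 1; }
    done
    echo "*nat"
    echo ":PREROUTING ACCEPT [0:0]"
    echo ":POSTROUTING ACCEPT [0:0]"
    for port in "$@"; do
        # Pinholed traffic arriving at the relay is redirected to the real server.
        echo "-A PREROUTING -d $relay_ip -p tcp --dport $port -j DNAT --to-destination $server_ip:$port"
        # The source is rewritten to the relay, so the server answers the relay
        # whatever its own default gateway is. The server sees only $relay_ip.
        echo "-A POSTROUTING -d $server_ip -p tcp --dport $port -j SNAT --to-source $relay_ip"
    done
    echo "COMMIT"
    echo "*filter"
    echo ":FORWARD DROP [0:0]"
    # Forward only replies and new connections to the published ports.
    echo "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for port in "$@"; do
        echo "-A FORWARD -d $server_ip -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo "COMMIT"
}

# Print the ruleset for HTTP and SSH. Piping it into iptables-restore (as root)
# loads it and flushes the existing nat and filter rules.
gen_relay_rules 192.0.2.10 192.0.2.20 80 22
```

Because of the SNAT rule, the server's access logs show only the relay address, which is the downside noted in the message; the original client address remains visible only on the relay, for example in its connection-tracking table.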

This archive was generated by hypermail 2.2.0 : Thu Nov 30 11:48:32 2006 EST