[K12OSN] K12OSN a bit OT - how to make responses on the same interface request came in

"Terrell Prudé Jr." microman at cmosnetworks.com
Wed Nov 5 15:56:33 UTC 2008

OK, this still sounds like a classic routing issue, in this case, on 
server A's part.

 From what I can gather, server A's eth2 must use a cable connection 
with a static IP, and you're using a static NAT entry to translate that 
192.168.x.x IP address to that globally routable static IP.  That's the 
only way that packets of any sort could enter eth2 from the outside, 
which it sounds like is what's happening here.

Actually, the way I'd do it is to eschew trying to connect to server A's 
eth2 at all and just connect to eth1, which sits on that fractional T1. 

If you're concerned about bandwidth on that fractional T1, then looks 
like it's time to upgrade that fractional T1 to maybe a full T1 or 
possibly another type of connection.  My cable modem (with a static IP, 
no less) has a speed of 5Mbps down, 2Mbps up, which is faster than even 
full T1 speeds, and much less money.

Furthermore, I'd make the default route for server A going out eth1, not 
eth2--otherwise, there's no point to even having the fractional T1 in 
the first place.  That's just money wasted.

If my understanding's off here, then is there any way you could do up a 
diagram and PM it to me?  No sense in cluttering the list with graphics.

Do you GNU <http://www.gnu.org>?
Microsoft Free since 2003 <http://www.cmosnetworks.com>--the ultimate 
antivirus protection!

Julius Szelagiewicz wrote:
> Terrell,
> 	Thank you for the speedy response. I see that I made my usual
> mess when asking a simple question, so I'll try to to clean it up:
> server A: eth1 routable public address 74.x.x.x, frac T1,
> 	eth2 cable non-routable address 192.168.x.x, fast, default route
> 	openvpn run as server and client
> server B: eth1 cable, non routable 10.10.x.x
> 	openvpn run as client only
> server C: eth1 routable public address 65.x.x.x
> 	openvpn run as server and client
> server D: eth1 routable public address 216.x.x.x
> 	openvpn run as server
> server A connects as openvpn client to server D using default route and
> to server C on 65.x.x.x using eth2 by the way of a simple ip route add command.
> server B connects as openvpn client to server C on 65.x.x.x
> server B needs to connect as openvpn client to server A on 74.x.x.x, this
> fails because on server A the UDP packets come on eth2, but responses go
> on eth1. The address of server B is private (ISP provided) and changes
> dynamically.
> 	What do I do to make server B connect to server A using openvpn?
> I hope that is clearer. Btw, your answer is spot on for the question I
> asked instead of the question I meant to ask.
> julius
> On Thu, 30 Oct 2008, [ISO-8859-1] "Terrell Prud? Jr." wrote:
>> Julius Szelagiewicz wrote:
>>> Dear Folks,
>>> 	I am somewhat stumped with a simple networking scenario:
>>> eth0 - internal,
>>> eth1 - external fast, dhcp non-routable, default route,
>>> eth2 - external public address not very fast.
>>> 	I am using openvpn and for connections to other servers I can
>>> easily specify which interface to use. What I need to do is to connect to
>>> openvpn server process on eth2. Unfortunately packets come in on eth2 but
>>> travel out on eth1 - default. Source based routing is no help, since I am
>>> not just passing the packets based on the incoming interface, but I'm
>>> trying to push responses on eth2. Essentialy, on receipt on eth2 of an UDP
>>> packets on port 1194 I need to answer with UDP packet om port 1194 on
>>> eth2.
>>> 	The computers trying to connect have only private addresses from
>>> cable ISPs.
>>> 	Any suggestions? Please ...
>>> julius
>> What I'd do is make a static route for this OpenVPN server, pointing to
>> eth2's next hop.  Something like this:
>>   thedude at linuxbox# route add -host w.x.y.z gw a.b.c.d
>> where w.x.y.z is the OpenVPN box that you want to talk to, and a.b.c.d
>> is eth2's next-hop router.  Now, if you have a bunch of OpenVPN boxes in
>> the same subnet that you have to talk to--for example, the
>> network, I'd do it like this:
>>   thedude at linuxbox# route add -net netmask gw
>> a.b.c.d
>> where, again, a.b.c.d is eth2's next hop.
>> --TP
>> _______________________________
>> Do you GNU <http://www.gnu.org>?
>> Microsoft Free since 2003 <http://www.cmosnetworks.com>--the ultimate
>> antivirus protection!
> _______________________________________________
> K12OSN mailing list
> K12OSN at redhat.com
> https://www.redhat.com/mailman/listinfo/k12osn
> For more info see <http://www.k12os.org>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/k12osn/attachments/20081105/003f7bc3/attachment.htm>

More information about the K12OSN mailing list