[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [K12OSN] K12OSN a bit OT - how to make responses on the same interface request came in



OK, this still sounds like a classic routing issue, in this case, on server A's part.

>From what I can gather, server A's eth2 must use a cable connection with a static IP, and you're using a static NAT entry to translate that 192.168.x.x IP address to that globally routable static IP.  That's the only way that packets of any sort could enter eth2 from the outside, which it sounds like is what's happening here.

Actually, the way I'd do it is to eschew trying to connect to server A's eth2 at all and just connect to eth1, which sits on that fractional T1. 

If you're concerned about bandwidth on that fractional T1, then looks like it's time to upgrade that fractional T1 to maybe a full T1 or possibly another type of connection.  My cable modem (with a static IP, no less) has a speed of 5Mbps down, 2Mbps up, which is faster than even full T1 speeds, and much less money.

Furthermore, I'd make the default route for server A going out eth1, not eth2--otherwise, there's no point to even having the fractional T1 in the first place.  That's just money wasted.

If my understanding's off here, then is there any way you could do up a diagram and PM it to me?  No sense in cluttering the list with graphics.

--TP
_______________________________
Do you GNU?
Microsoft Free since 2003--the ultimate antivirus protection!


Julius Szelagiewicz wrote:
Terrell,
	Thank you for the speedy response. I see that I made my usual
mess when asking a simple question, so I'll try to to clean it up:

server A: eth1 routable public address 74.x.x.x, frac T1,
	eth2 cable non-routable address 192.168.x.x, fast, default route
	openvpn run as server and client
server B: eth1 cable, non routable 10.10.x.x
	openvpn run as client only
server C: eth1 routable public address 65.x.x.x
	openvpn run as server and client
server D: eth1 routable public address 216.x.x.x
	openvpn run as server

server A connects as openvpn client to server D using default route and
to server C on 65.x.x.x using eth2 by the way of a simple ip route add command.

server B connects as openvpn client to server C on 65.x.x.x

server B needs to connect as openvpn client to server A on 74.x.x.x, this
fails because on server A the UDP packets come on eth2, but responses go
on eth1. The address of server B is private (ISP provided) and changes
dynamically.

	What do I do to make server B connect to server A using openvpn?

I hope that is clearer. Btw, your answer is spot on for the question I
asked instead of the question I meant to ask.

julius



On Thu, 30 Oct 2008, [ISO-8859-1] "Terrell Prud� Jr." wrote:

  
Julius Szelagiewicz wrote:
    
Dear Folks,
	I am somewhat stumped with a simple networking scenario:
eth0 - internal,
eth1 - external fast, dhcp non-routable, default route,
eth2 - external public address not very fast.
	I am using openvpn and for connections to other servers I can
easily specify which interface to use. What I need to do is to connect to
openvpn server process on eth2. Unfortunately packets come in on eth2 but
travel out on eth1 - default. Source based routing is no help, since I am
not just passing the packets based on the incoming interface, but I'm
trying to push responses on eth2. Essentialy, on receipt on eth2 of an UDP
packets on port 1194 I need to answer with UDP packet om port 1194 on
eth2.
	The computers trying to connect have only private addresses from
cable ISPs.
	Any suggestions? Please ...
julius

      
What I'd do is make a static route for this OpenVPN server, pointing to
eth2's next hop.  Something like this:

  thedude linuxbox# route add -host w.x.y.z gw a.b.c.d

where w.x.y.z is the OpenVPN box that you want to talk to, and a.b.c.d
is eth2's next-hop router.  Now, if you have a bunch of OpenVPN boxes in
the same subnet that you have to talk to--for example, the 44.55.66.0/24
network, I'd do it like this:

  thedude linuxbox# route add -net 44.55.66.0 netmask 255.255.255.0 gw
a.b.c.d

where, again, a.b.c.d is eth2's next hop.

--TP
_______________________________
Do you GNU <http://www.gnu.org>?
Microsoft Free since 2003 <http://www.cmosnetworks.com>--the ultimate
antivirus protection!


    


_______________________________________________
K12OSN mailing list
K12OSN redhat com
https://www.redhat.com/mailman/listinfo/k12osn
For more info see <http://www.k12os.org>
  

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]