Date:      Tue, 06 Jul 1999 10:33:10 -0700
From:      jbarbee@singular.com (John Barbee)
To:        freebsd-questions@freebsd.org
Subject:   unusual network topology doesn't work.
Message-ID:  <4.1.19990706101104.00bb0b30@server7.singular.com>

Hi,

I'm working on something that has this type of setup.

     |                  |
     | DSL1             | DSL0
     |                  |
   Netopia1           Netopia0
          \           /
           \         /
            \       /
          Netscreen (firewall)
               |
               |
            Unix Box
               |
          LAN Machines

o The Netopias each have their own public IPs.

o The Netopias are doing NAT but both redirect traffic destined for certain
ports to the Unix box, namely ftp, http, timbuktu ports.

o Internally Netopia1 is 172.31.0.2/16 and Netopia0 is 172.31.0.1/16.

o The Netscreen is functioning in "transparent" mode, which means it's
really acting as a bridge and filtering packets as they pass.

o The Unix box is multi-homed with 172.31.0.4/16 and 172.31.5.1/24.

o The LAN machines are all 172.31.5.x/24 using 172.31.5.1, the Unix box,
for their gateway.

o The reason behind all this is that we'll only have to change the default
route on the Unix box in order to fall back onto the second DSL line.

Here's the problem.
Let's say the default route of the Unix Box goes to Netopia0.  

From the WAN, you can reach the Unix Box just fine if you access it via
DSL0.  e.g. I fill in DSL0's public IP and get the index page on the Unix
Box's webserver.  In this case the incoming and outgoing paths are the same.

However, if you try and access the Unix Box via DSL1 in the same way,
you'll time out.  In this case the incoming and outgoing paths are different.

It is my understanding (please let me know if I'm wrong) that packets don't
know anything other than their destination IP and port.  Each router merely
checks the header and passes the packet on.  Thus, there is no reason to
require the incoming and outgoing paths to be the same.  I don't understand
why this isn't working?

Does anyone have any insights into this setup?
Please let me know if I need to provide other information.

john.

