Lee,
The answer is yes, if I understand your question correctly. RainWall 1.5's
Symmetric Routing feature should allow this to work. In that case, your
diagram would look like this:

   ISP A               ISP B
     |                   |
     T1                xDSL
     |                   |
   Router              Router
193.193.193.1       194.194.194.1
     |                   |
193.193.193.2       194.194.194.2
  RainWall A          RainWall B
    (NAT)               (NAT)
 192.168.1.1         192.168.1.2
       \               /
        \             /
     192.168.1.100 (Virtual IP)
              |
             LAN
              |
          Web Server
          192.168.1.3
 (default gateway is 192.168.1.100)

Each RainWall node will statically NAT a public address to the web server.
So even though the web server only has one private IP address, it will
appear to the world as both 193.193.193.5 and 194.194.194.6. (Note:
RainWall by itself is not performing the NAT. I'm assuming each RainWall
node is also a FW-1 server, which is doing the NAT.) With Symmetric Routing
turned on, RainWall will make sure that a connection that comes in via ISP A
also goes out via ISP A.
-Mark
> -----Original Message-----
> From: Lee Hughes
> Sent: Monday, November 06, 2000 12:37 PM
> Subject: RE: [FW1] Multiple WAN Links.
>
> Will the RainWall help me in this configuration?
>
>    ISP A               ISP B
>      |                   |
>      T1                xDSL
>      |                   |
>    Router              Router
> 193.193.193.1       194.194.194.1
>               |
>              LAN
>               |
>          Web Server
>  193.193.193.5 / 194.194.194.6
>
> So, I have a web server. It's got dual IP addresses of
>
> 193.193.193.5 and
> 194.194.194.6
>
> so I need traffic to always be routed in a symmetric way...
> i.e. if the first packet of a connection comes in from ISP A
> (connection to 193.193.193.5)
> it should always be routed back through ISP A. If a connection
> comes into the web server via ISP B (194.194.194.6) then it's
> routed back through ISP B.
>
> I've cracked the load balancing bit for DNS, and it works well,
> but if I define default routes on the web server,
> I've got no idea which route the traffic is going to take on
> the return path....
>
> d/g 0.0.0.0 193.193.193.1
> d/g 0.0.0.0 194.194.194.1
>
> So, I reckon the operating system will route traffic in an
> unpredictable way.
> It'd be really nice if connections to 194.194.194.6 port 80
> were routed back
> via the 194.194.194.1 router, but my IP knowledge tells me that's not
> going to really happen, as routing is done at network level,
> and does not
> take into consideration the source IP address when replying....
> or does it??? I've not tested it... but this article looks like
> doom and gloom
> to this idea...
>
>
> Is there any way I can tell the operating system to route in a
> symmetric way?
> (i.e. the source address of a returning IP packet is linked to the
> gateway chosen to route the actual traffic)
>
> The only way I can think of around it is to add static routes
> (determined from the source IP of the incoming connection).
> This could be dangerous for my web server's health; I'd rather
> have just
> two default gateways, rather than add static routes (around
> 80,000) :-(.
>
> Now, running BGP-4 is not going to help me really; I'm looking
> for low cost
> fault tolerance, which can be done without /22 /24 block,
> and expensive
> BGP-4 routers......
>
> Hope you guys can help.
> Cheers,
> Lee
>
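
Added example, not part of the original messages and not RainWall or FW-1 code: a small Python model of the behaviour described in the reply, where each public address is statically NATed to the web server and the reply leaves through the node the connection arrived on. The connection table is an assumed mechanism for illustration, and the client address 203.0.113.9 is constructed.

```python
# Constructed model of the topology in the reply above; not RainWall or FW-1 code.
from dataclasses import dataclass

WEB_SERVER = "192.168.1.3"
# Static NAT per node: public address -> (node name, upstream router), from the diagram.
STATIC_NAT = {
    "193.193.193.5": ("RainWall A", "193.193.193.1"),
    "194.194.194.6": ("RainWall B", "194.194.194.1"),
}

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class SymmetricGateway:
    """Remembers which ISP each connection arrived on (assumed mechanism)."""

    def __init__(self):
        self.conns = {}  # (client ip, client port, server port) -> public address

    def inbound(self, pkt):
        """Client -> public address: record the ingress, apply destination NAT."""
        if pkt.dst not in STATIC_NAT:
            raise ValueError(f"no static NAT for {pkt.dst}")
        self.conns[(pkt.src, pkt.sport, pkt.dport)] = pkt.dst
        return Packet(pkt.src, pkt.sport, WEB_SERVER, pkt.dport)

    def outbound(self, pkt):
        """Server reply: return (translated packet, node, next-hop router)."""
        public = self.conns.get((pkt.dst, pkt.dport, pkt.sport))
        if public is None:
            raise LookupError("reply does not match a tracked connection")
        node, router = STATIC_NAT[public]
        return Packet(public, pkt.sport, pkt.dst, pkt.dport), node, router

def client_accepts(request, reply):
    """A client only accepts a reply whose source is the address it contacted."""
    return (reply.src, reply.sport, reply.dst, reply.dport) == (
        request.dst, request.dport, request.src, request.sport)

def demo():
    gw = SymmetricGateway()
    req = Packet("203.0.113.9", 40000, "194.194.194.6", 80)  # constructed client, via ISP B
    to_server = gw.inbound(req)
    reply, node, router = gw.outbound(Packet(WEB_SERVER, 80, req.src, req.sport))
    # Failure mode: reply leaves through the other node and gets its public address.
    wrong = Packet("193.193.193.5", 80, req.src, req.sport)
    return to_server.dst, node, router, client_accepts(req, reply), client_accepts(req, wrong)
```

The last value returned by demo() is the asymmetric case: a reply translated to 193.193.193.5 for a connection opened to 194.194.194.6 no longer matches what the client sent, so the client discards it.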