On Wed, 4 Apr 2001, Charles Galpin wrote:
>
>
> On Wed, 4 Apr 2001, Jonathan Wilson wrote:
>
> > Hey,
> >
> > We have a server that I'd like to set up to start using our new T1 as
> > a gateway, but we have it running CVS on our ISDN line still. I
> > thought that if I switched the gateway it could still receive
> > connections from the ISDN line but for some reason is cannot, so I
> > have to leave the gateway set to ISDN.
>
> You should still be able to recieve connections thru the ISDN line. The
> gateway just determines which route outgoing packets will take.
>
> You will have to give us more info about your interfaces, and what's goign
> wrong, because this should work fine.
>
> charles
>
The problem may be that the packets are going out the other interface,
and being rejected by the firewall on the other end because they are
comming from the wrong IP address. (The interfaces do have different IP
addresses, right?)
I do not know iptables yet, but I could see of doing this with ipchains
would be to add a cheap Linux boe, or a router on the ISDN line that
will talk to the cvs box on one interface. It could be firewalled to
only accept cvs connections, and then masquarade the connections to a
specific IP to the cvs box. That way, you just have a route to the ISDN
router for that specific IP. You would want to use one of the private
IPs.
Say the box on the end of the ISDN line had an IP of 192.168.5.1 on the
interface to the connected to the cvs box. It comes into the cvs box on
eth1, IP 192.168.5.2. Anything to 192.168.5.1 would go out eth1, and be
masquaraded back to the proper destination IP, and with the ISDN source
IP.
You may be able to bring the T1 and the ISDN line into one box, as long
as it isn't the cvs box. This "firewall" box would work as a router,
and could route the packets out one interface or another based on port
the packet is comming from inside the network. Maybe you could do the
same thing if you set up your firewall rules to route all cvs quaries
from the ISDN line through the loopback interface (127.0.0.1). That
way, you could use the forwarding rules to deside the interface to use.
I have not tried this, so I do not know if it would work. I am just
putting out some ideas hoping someone else with more experence in this
area can build on them.
Mikkel
--
Do not meddle in the affairs of dragons,
for you are crunchy and taste good with ketchup.
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
