From: Sam Vilain (sam_at_vilain.net)
Date: Wed Nov 07 2001 - 07:35:03 EST

An interesting point.

What you want is something like chroot() for the networking stack. Maybe
the iptables infrastructure has room for this.

Can't you do what you want by simply using two default routes? Then the
reply packets should be sent out whichever interface they came in on
(routed by virtue of their source IP address).

Sam.

On Wed, 07 Nov 2001 09:47:33 +0100
Ciaran Deignan <ciaran.deignan_at_netcelo.com> wrote:
>
>
> Hi All,
>
> I'm not on this list, please include me in any replies.
>
> I just saw the article on slashdot, and read the documentation.
> I haven't tried using the software.
>
> This looks very simple and well thought-out. However the
> first thing I wanted to do with it was to provide a service
> via two different ISPs.
>
> If I have two ISPs, I have two public addresses that terminate
> at my host. I can set up a virtual server listening on each address,
> and packets will be routed by my ISPs over their individual links.
> However my routing table will have one default route, so all my
> reply packets will return by one ISP. So a failure in that ISP
> will cause both addresses to be unusable.
>
> I don't see how the virtual server implementation could help,
> actually, since this problem is deeply embedded in the
> networking architecture. But just in case I decided to send
> this mail in case you have any magical solutions...
>
> Thanks,
> Ciaran
>
> --
> +-----------------------------------------------------------------------+
> Ciaran Deignan Tel: (France) 04 38 49 87 27
> NetCelo, Managed Internet VPN http://www.netcelo.com/
>
> mailto: Ciaran.Deignan_at_netcelo.com
> +-----------------------------------------------------------------------+
>
>
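
The reply-by-source-address routing discussed in this thread can be expressed on Linux with iproute2 policy routing: one routing table per uplink, selected by a rule on the packet's source address. This is an added example, not part of either message; the addresses (documentation ranges), interface names, gateways and table ids are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example with constructed values. The script only PRINTS the iproute2
# commands so the plan can be reviewed before it is applied.

# uplink_rules TABLE_ID DEV LOCAL_ADDR CONNECTED_NET GATEWAY
uplink_rules() {
    [ $# -eq 5 ] || { echo "usage: uplink_rules TABLE DEV ADDR NET GW" >&2; return 1; }
    table=$1 dev=$2 addr=$3 net=$4 gw=$5
    # Connected network of this uplink, placed in the uplink's own table
    echo "ip route add $net dev $dev src $addr table $table"
    # This uplink's default route, visible only inside its own table
    echo "ip route add default via $gw dev $dev table $table"
    # Packets sourced from this uplink's address consult that table, so a
    # reply from a server bound to $addr leaves through $dev
    echo "ip rule add from $addr lookup $table"
}

plan() {
    # ISP A (constructed): host address 192.0.2.10 on eth0
    uplink_rules 101 eth0 192.0.2.10 192.0.2.0/24 192.0.2.1
    # ISP B (constructed): host address 198.51.100.10 on eth1
    uplink_rules 102 eth1 198.51.100.10 198.51.100.0/24 198.51.100.1
    # Main-table default, used by locally initiated traffic that has not
    # bound a source address; it no longer decides where replies go
    echo "ip route add default via 192.0.2.1 dev eth0"
}

# Print the plan; review it, then pipe it to `sh` as root to apply.
plan
```

The rules match on source address, so they cover servers that bind to one specific address each, as in the two-virtual-server setup described in the quoted message.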
This archive was generated by hypermail 2.1.4 : Mon Aug 19 2002 - 12:01:00 EDT