Previously on "Anyone setup multihomed networking on WinXP?"


  • MarillionFan
    replied
    Well so much for the KIA kia.



  • AtW
    replied
    Wohoo, got the ****er working - the key was in Source NAT definition, just one line in iptables config

    Thanks all for trying to help, your comments led me onto the right track, cheers!



  • AtW
    replied
    I tried it, and I think proxy is what I need, but it did not work - it ran successfully and was shown to be listening on the port, but I could not connect to it, and the other proxy did not work either. Maybe it is some kind of protection on the Linux box, no idea as I did not build it myself, fking annoying that Linux is only great if you know inside outs.

    I am now reading into iptables that I use there for routing, http://www.netfilter.org/documentati...T-HOWTO-3.html - SNAT is exactly what I need, I think I will ignore proxies since they may not even scale to loads that I will put through them, whereas iptables should be very scalable.

    AtW in "aggro" mode.



  • NoddY
    replied
    Originally posted by AtW
    Pulled old Linux server and of course it had hardware issue - thing was beeping without loading, so reused another box, loaded fine but seems it now shows same problem as if I did not use it, looks like it does not actually hide SOURCE IP, which is precisely the problem, ffs, I don't understand why it all worked before - I used BT ADSL router on the other line though, maybe it was hiding IPs properly??!?! I am not happy chappy now
    At least on the Linux box you can try the application proxy:

    http://quietsche-entchen.de/cgi-bin/...oxies/TcpProxy

    e.g.:

    22.33.44.55 is visitor IP
    192.168.7.50 is Linux
    192.168.7.100 is final destination host

    **********

    SRC 22.33.44.55:45678
    DST 80.33.22.xx:80

    [SMC BOX: Port forward on SMC to 192.168.7.50 Linux Box]

    SRC 22.33.44.55:56789
    DST 192.168.7.50:80

    [LINUX BOX: TCPPROXY on Linux, forward to final host]

    SRC 192.168.7.50:34567
    DST 192.168.7.100:80

    ***********

    192.168.7.100 will know to route 192.168.7.0/24 back through the 192.168.7.100 interface (add static route if it doesn't)

    Leave a comment:
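The forwarding chain from NoddY's post, done with netfilter NAT instead of the application proxy and including the Source NAT that AtW reports was the fix, as an added example that is not part of the original thread. The addresses are the ones in NoddY's post; the port, the function names and the rules themselves are assumptions, since the thread does not show AtW's actual iptables line.

```shell
#!/bin/sh
# Added example (not from the thread): ruleset for the Linux box at
# 192.168.7.50. DNAT forwards port 80 to the server; SNAT rewrites the
# visitor's source address so the multihomed server sees an on-link peer
# and replies on the interface the request arrived on.
# Addresses are from NoddY's post; port and function names are assumptions.

LINUX_IP=192.168.7.50     # Linux box (target of the SMC port forward)
SERVER_IP=192.168.7.100   # final destination host
PORT=80

# Emit the nat table in iptables-restore format (filter table untouched).
gen_nat_rules() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -d $LINUX_IP/32 -p tcp --dport $PORT -j DNAT --to-destination $SERVER_IP:$PORT
-A POSTROUTING -d $SERVER_IP/32 -p tcp --dport $PORT -j SNAT --to-source $LINUX_IP
COMMIT
EOF
}

# Where the server sends its reply for a given source address: a source in
# its connected /24 is answered directly on that interface, anything else
# follows the single default gateway (the failure described in the thread).
reply_path() {  # $1 = source address as seen by the server
    case "$1" in
        "${SERVER_IP%.*}".*) echo on-link ;;
        *) echo default-gateway ;;
    esac
}

# Apply only when asked (needs root; replaces the existing nat table).
if [ "${APPLY:-0}" = 1 ]; then
    sysctl -w net.ipv4.ip_forward=1
    gen_nat_rules | iptables-restore
else
    gen_nat_rules
fi
```

With the SNAT rule in place the server logs 192.168.7.50 rather than the visitor's address, so anything that relies on the real client IP has to be handled on the Linux box.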


  • AtW
    replied
    There appear to be two kinds of NATs - both will hide your IP and remap it in real time, but some will also hide SOURCE IP.

    Originally posted by NoddY
    Would the problem be solved if you could bind each instance of the application to only one adapter?
    I thought that would have worked but it did not, I will try again however.

    I tried RIP, it did not work and should not work - my software knows exactly which path is best and it tells clients to connect on one or the other line, that's how I do load balancing (which is not 50-50 split btw).

    Pulled old Linux server and of course it had hardware issue - thing was beeping without loading, so reused another box, loaded fine but seems it now shows same problem as if I did not use it, looks like it does not actually hide SOURCE IP, which is precisely the problem, ffs, I don't understand why it all worked before - I used BT ADSL router on the other line though, maybe it was hiding IPs properly??!?! I am not happy chappy now
    Last edited by AtW; 12 October 2006, 12:33.



  • NoddY
    replied
    Would the problem be solved if you could bind each instance of the application to only one adapter?

    There is also a RIP-1 listener in Windows XP, to allow it to update its routing table accordingly, that's if the SMC router can advertise the fact that it's the best return path for an inbound packet it's just processed.



  • MrsGoof
    replied
    shirley you only need to NAT one of the interfaces



  • AtW
    replied
    NAT32.com cheap software appears to do the job, but I could not configure demo version of it - as we both know in networking the only thing that I know well is latency, the rest is dark forest for me. I now pulled my old Linux router box (used to be my PC: P3 600), the only reason I would consider small hardware router is due to space/power savings, but at 700 quid quoted on Ebay there is no chance I am buying it: Cisco == rip off.

    If you come up with any other ideas, then please post here - I am sure problem will go after I get Linux box running again, but I would still want to avoid using it, asked question to NAT32 guy, maybe he will help (I said I will buy his software if he can guarantee it will work in my config).



  • snaw
    replied
    £700 would be a massive rip off for one of those.

    But I see your point, not really anything out there that'll come in cheap that will support three discrete interfaces (Which is what you're after, as opposed to a bolted on hub).



  • AtW
    replied
    LOL, this PIX 515E is like £700+ on ebay, definitely out of question! I'll go get old linux router for now, at least to get it working, and I was hoping I would not need to use it. Stupid internet routing - they should be default route via same interface on which request was received.



  • AtW
    replied
    I've got supposedly NAT router - SMC Barricade 7008BR, but it is only NAT from outside, how do I know which routers are proper full NAT including from inside - this seems to be the solution that I need.

    I've checked all connections and know they work fine - I have "test environment" in form of a laptop with 2 cards - network + WiFi, when I remove one all works, but with two it won't (unless I setup both default gateways but I can't do that on production box), the issue here is that the Source IP from which requests come via my router is WAN IP, thus on a machine with 2 such interfaces the damn thing won't know that it should route via same interface - it will stick to single default gateway for WAN addresses.

    The load balancing is controlled by my server (it knows how much goes through each line and instructs clients to connect to one or the other line, so this is sorted - in effect I don't want any other load balancing as mine works fine).

    I am going to try NAT32 again, maybe made a mistake, then pull old PC/Linux router with which it all worked (it must be fully NATting it), but I would prefer to buy small hardware router that I know would work - so any names would be great, but please no CISCO stuff, I ain't millionaire yet!



  • snaw
    replied
    Originally posted by AtW
    I have dynamic software load balancing and I don't want any other load balancers because they won't do the job as good as I want to. Also my config worked before so I just want to repeat it.

    The server expects incoming connections, so as long as response to these connections gets routed correctly (and it does not now because there can be only one default gateway for Internet addresses as they can't be subnetted) I am happy.

    Noddy: this pf thing seems to be for linux only, I am using Windows. The whole point is to avoid using separate box which I do have (previously used Linux router with which all worked fine), but I really don't want to unless it is totally necessary.

    Whoever designed crappy routing protocol for internet should be spanked very hard - why they never think of complex configs like multiple NICs? Just wtf can't response to already initiated request be routed via same interface on which it was received, ffs, this is so obvious it makes my blood boil!
    Complex configs are fine on the internet, if you were talking BGP or had better internal infrastructure (ie. money). You're trying to do it on the cheap so it gets hard.

    Easiest solution is to get a NAT router/firewall and sit it in between your external and your internal devices. NAT from outside to inside - this will mean that the NAT firewall records the conversations and passes traffic back out the interface it received it on - something like a PIX 515E off ebay should do the trick, or any firewall of your choice - might prefer the gui on a netscreen or checkpoint, should all do the trick.

    Your inside to outside initiated traffic won't load balance probably but doesn't seem like that's a major concern.

    Also before we shoot off too far down this road - you've checked each connection on its own with the other off to verify they're working properly?



  • AtW
    replied
    I have dynamic software load balancing and I don't want any other load balancers because they won't do the job as good as I want to. Also my config worked before so I just want to repeat it.

    The server expects incoming connections, so as long as response to these connections gets routed correctly (and it does not now because there can be only one default gateway for Internet addresses as they can't be subnetted) I am happy.

    Noddy: this pf thing seems to be for linux only, I am using Windows. The whole point is to avoid using separate box which I do have (previously used Linux router with which all worked fine), but I really don't want to unless it is totally necessary.

    Whoever designed crappy routing protocol for internet should be spanked very hard - why they never think of complex configs like multiple NICs? Just wtf can't response to already initiated request be routed via same interface on which it was received, ffs, this is so obvious it makes my blood boil!
    Last edited by AtW; 11 October 2006, 23:28.



  • NoddY
    replied
    Originally posted by VectraMan
    If the intention is to load balance, is there not a better way? I seem to remember years ago looking at a router that would connect to two regular run of the mill broadband connections (i.e. with different external IPs) and then NAT that onto your network. In that case the router would keep track of which connection came via which interface, which is exactly what you need.

    I think that NAT approach will work for incoming, but if you ever have outgoing connections they're always going to take the default route.
    pfsense is the way to go with multiple WANs:

    http://www.pfsense.com/index.php?id=36

    Requires a dedicated machine, but can potentially replace two NAT routers; and allow all machines on your LAN to benefit from the extra bandwidth.



  • VectraMan
    replied
    If the intention is to load balance, is there not a better way? I seem to remember years ago looking at a router that would connect to two regular run of the mill broadband connections (i.e. with different external IPs) and then NAT that onto your network. In that case the router would keep track of which connection came via which interface, which is exactly what you need.

    I think that NAT approach will work for incoming, but if you ever have outgoing connections they're always going to take the default route.
