I have machines which I would like to multihome - attach to
several different networks. Doing that isn't quite trivial,
as we run IP source address verification at edges, and these two
(or more) machine interfaces end up at different allowed sets.
These machines do *not* route in between interfaces.
Used networks are also firewalled with stateful FW-1 (and/or
something similar), so that reply packets going the wrong way will fail.
That is:
eth0: A.B.1.2/24 gw A.B.1.1
eth1: A.B.2.2/24 gw A.B.2.1
eth2: A.B.3.2/24 gw A.B.3.1
def-gw A.B.1.1
Locally initiated connections/streams go out via default-gw, but
incoming ones should send packets back via gateways related to the
interface they came in from.
TCP connections are bound on the interface address (or alias), so
finding the return path should be trivial?
UDP servers bound to fully specified interface addresses can
also find return paths, and unbound wild-cards do get what they
deserve..
Can this be done already with tools like ANK's IP, or do we need
some kernel development?
/Matti Aarnio
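The per-interface return path the post asks about, as an added example that is not part of the original message: it emits the iproute2 ("ip rule" / "ip route") commands for a source-address policy routing setup on a constructed three-interface layout in documentation address ranges. The table numbers, rule preferences and addresses are assumptions, and the commands are printed rather than executed.

```shell
#!/bin/sh
# Added example (not from the original post): print the iproute2 commands
# that give a multihomed, non-forwarding host one routing table per
# interface, selected by the packet's source address. Replies leave via the
# gateway of the interface whose address they carry; everything else uses
# the main table's default route. Dry run: commands are printed, not run.

# Constructed sample (documentation ranges standing in for A.B.x.y):
#   iface  address       network          gateway
HOSTS='eth0 192.0.2.2 192.0.2.0/24 192.0.2.1
eth1 198.51.100.2 198.51.100.0/24 198.51.100.1
eth2 203.0.113.2 203.0.113.0/24 203.0.113.1'

# gen_policy_routing <default-iface>: print the commands for all interfaces.
# Table numbers (100+n) and rule preferences (1000+n) are assumed unused.
gen_policy_routing() {
    def_if=$1
    n=0
    echo "$HOSTS" | while read -r ifc addr net gw; do
        [ -n "$ifc" ] || continue
        n=$((n + 1))
        tbl=$((100 + n))
        # Main table: only the chosen interface supplies the default route,
        # so locally initiated traffic keeps using the default gateway.
        if [ "$ifc" = "$def_if" ]; then
            echo "ip route replace default via $gw dev $ifc"
        fi
        # Per-interface table: on-link route plus that interface's gateway.
        echo "ip route replace $net dev $ifc src $addr table $tbl"
        echo "ip route replace default via $gw dev $ifc table $tbl"
        # Rule: packets sourced from this interface's address use its table,
        # which is what a reply to a connection that arrived there carries.
        echo "ip rule add from $addr lookup $tbl pref $((1000 + n))"
    done
}

# Apply the generated commands on a live host (needs root); not run here.
apply_policy_routing() {
    gen_policy_routing "$1" | sh -e
}

gen_policy_routing eth0
```

A socket bound to the wildcard address still gets its source picked by the main table, so its replies leave via the default gateway regardless of the interface the request arrived on.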