[clug] asymmetric routing

Miloska miloska at gmail.com
Wed Aug 26 07:14:29 MDT 2009

> I think this is a very interesting setup. Are you saying when packets going
> out
> first, they go through the default gateway, which leaves and
> arrive at
> through the tunnel using ISP1. The box with the public IP visits the website
> (say www.google.com),
> and traffic that is coming back from that website arrives at the same public
> IP box and is then routed to
> though ISP2 tunnel as a result of the static route on the public
> box. This solves the
> L3 problem perfectly since it is the same IP that is visiting the website.

In my setup the public IP is the BOX's public IP, just to make that
clear. For IPIP you also need public IPs for both side of the tunnel,
probably other tunnels (pptp?) can work from a NAT-ed range (BOX still
need public IP).

I'm quite suspicious that you don't have public IP on a 3G connection,
probably I'm wrong.

>> A NAT rule is needed in the BOX for, not in your local router.
> Why do I need though?  Would I be able to use DNAT on the public
> box?
> something like 'iptables -t NAT -A PREROUTING -d -j DNAT --to
>' ?

Probably this would work, in my setup I want to use 3 upload line and
2 download, an equal cost routes suits better for me.

> I have never used IPIP, since the computer doesn't have a 192.168.1(2).0/24
> network, how can I setup a tunnel involving those two?

What do you mean? These are private ranges, you can use them wherever
you want to. Any other tunneling protocol should work (pptp, ipsec), I
choose IPIP as probably it has the smallest overhead (no encoding,
just and extra IP header).

More information about the linux mailing list