Two Networks on one System

[Jon Radel]

On 6/20/11 8:32 PM, Jerome Herman wrote:

>> pass in on nic_a reply-to ($nic_a $gw_a)
>> pass in on nic_b reply-to ($nic_b $gw_b)
>  From what I understand, there are two different ISP providing access to
> two different interfaces. In this case I am very concerned with all the
> bizarre things that a reply-to might trigger.
> What I mean is that nothing guarantees that a distant address will
> access the box from the same interface every time.

Who cares?  The interfaces have different addresses so any traffic that 
belongs together will go to only one interface.  It's not like machines 
out there will alternate packets to two different destination IP 
addresses.  They might alternate "connections," for a very broad 
definition of "connections," but that shouldn't present a problem.

As for the rest, I think you're going waaaaaayyyyy beyond what the OP 
described as his problem:  Setup two interfaces with different addresses 
which make use of different gateways as the addresses belong on 
different networks.  Allow traffic to go to one address on one network 
until DNS glue records are changed and traffic starts going to a second 
address on a second network.

I would suspect that he has stateful firewalls and/or anti-spoofing 
rules upstream from him that keep him from replying to everything out a 
single interface.  If it weren't for that, I suspect we wouldn't be 
having this discussion.

--Jon Radel
jon at radel.com