Use NAT inbound so that if the packet comes from Firewall 1 then the packet would be tagged with Firewall 1's internal IP address. Same thing for firewall 2. That way, whichever firewall the packet goes through, the packet will return through. This will work but will put more of a load on the firewall.

Steven Zimmerman
CIO
IR Network Solutions

-----Original Message-----
From: Gunjan @ chat4help [mailto:[email protected]]
Sent: Saturday, February 03, 2001 4:25 AM
To: [email protected]
Subject: [FW1] 2 Firewall & One DMZ

Hi,

We have two WAN links (with diff. IP range) and my servers are in DMZ area, and I want that request coming from both the links goes to the same server in my DMZ, and I'm doing NATting also (I don't think that there is any other way to do this, except NATting).

My structure looks like this:

        100.x.x.1   10.x.1       10.x.x.2
ISP1 ---- FW1 ------------|      DMZ
                          |
                          |
LAN
                          |      Server
                          |
                          |
ISP2 ---- FW2 ------------|      here
        200.x.x.1   10.x.10

On my DMZ server I specify default route from both the FW:
ie: route 0.0.0.0 10.x.x.1 AND route 0.0.0.0 10.x.x.10

Now I saw strange behaviour, sometimes request coming from FW1 lost or sometimes from FW2 lost.

What could be the reason of this? As I could understand that if request come from FW1 with the real IP (not 10.x.x.) and replies might goes back from FW2 (because system have two default route) then it lost because FW2 does not have any entry for this request, and don't reaches to the client (because request for this is on FW1).

I'm accessing Database in my DMZ.

Can we fix the route for a particular request/session, if request coming from FW1 then reply should goes out only from the route (FW1), not from the other route (FW2).

How can I solve this problem?

Thanks
Gm
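
Added example, not part of either message above: a small Python model of the two stateful firewalls and the DMZ server, showing why replies are dropped when they leave through the firewall that holds no state for the connection, and why rewriting the source to each firewall's inside address on the way in keeps the return path symmetric. The addresses 10.0.0.1 and 10.0.0.10 stand in for the elided 10.x.x.1 and 10.x.x.10; the client addresses and all class and function names are constructed for illustration.

```python
import itertools

class Firewall:
    """Stateful firewall; optionally source-NATs inbound traffic to its inside IP."""
    def __init__(self, name, inside_ip, nat_inbound=False):
        self.name, self.inside_ip, self.nat_inbound = name, inside_ip, nat_inbound
        self.state = {}                       # source seen by server -> real client
        self._ports = itertools.count(40000)  # NAT source ports

    def inbound(self, client_ip, client_port):
        """Create state for a new connection; return the source the server sees."""
        if self.nat_inbound:
            seen = (self.inside_ip, next(self._ports))
        else:
            seen = (client_ip, client_port)
        self.state[seen] = (client_ip, client_port)
        return seen

    def outbound(self, dst):
        """Forward a reply only if it matches state; None means dropped."""
        return self.state.get(dst)

def next_hop(dst, firewalls, default_gw):
    """Server routing: on-link DMZ address goes direct, anything else to the default gateway."""
    for fw in firewalls:
        if dst[0] == fw.inside_ip:
            return fw
    return default_gw

def run(nat_inbound, default_gw_name):
    """Return {entry firewall: True if the reply reaches the client}."""
    fws = [Firewall("FW1", "10.0.0.1", nat_inbound),   # constructed addresses
           Firewall("FW2", "10.0.0.10", nat_inbound)]
    gw = next(f for f in fws if f.name == default_gw_name)
    clients = [("198.51.100.7", 5000), ("203.0.113.9", 5001)]  # constructed clients
    delivered = {}
    for entry, client in zip(fws, clients):
        seen = entry.inbound(*client)          # request arrives through `entry`
        exit_fw = next_hop(seen, fws, gw)      # server chooses where the reply goes
        delivered[entry.name] = exit_fw.outbound(seen) == client
    return delivered

if __name__ == "__main__":
    for nat in (False, True):
        for gw in ("FW1", "FW2"):
            print(f"nat_inbound={nat} default_gw={gw} -> {run(nat, gw)}")
```

Without inbound NAT, only connections that entered through whichever default route the server happens to use get their replies delivered; with it, the reply destination is an on-link firewall address, so the server's default routes no longer decide the return path.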