
I am trying to forward a port from an anycast IP (111.111.111.111), which has multiple POPs, and the port should then be forwarded to a single unicast IP (10.0.0.1).

All of them are reachable over a VPN, for forwarding the traffic.

There is a service listening on 10.0.0.1.

My issue is that usually you send the traffic back to a single fixed IP, but what if the traffic comes from 10.0.0.2 or 10.0.0.3, and not the 10.0.0.4 I have configured it with? How do I configure that without multiple interfaces on 10.0.0.1?

Stuff like this:

ip rule add from <interface_IP> dev <interface> table isp2
ip route add default via <gateway_IP> dev <interface> table isp2

is not going to work to send the data back, since the IP it came from could be any of them. Any idea?

Ne00n
  • You've reversed SNAT and DNAT. But what are you talking about multiple RFC1918 addresses? This part isn't making any sense. – Michael Hampton Apr 30 '18 at 21:14
  • Oops, I pasted the incorrect one into it, sorry. I just have a single anycast IP. – Ne00n Apr 30 '18 at 21:21
  • so are 10.0.0.2 and 10.0.0.3 internal IPs of "instances" of those anycast servers? can you add two examples from two internet clients connecting via two pops to the final server, with all IPs involved, to give a clear view? – A.B Apr 30 '18 at 21:23
  • 111.111.111.111 is the public anycast IP, all inside the VPN are normal IPs, all servers are connected to the VPN. In this case 10.0.0.1 is the server where the port should be forwarded to, 10.0.0.2, 10.0.0.3 and 10.0.0.4 are the anycast boxes reachable over the VPN directly with a unicast IP. Basically the port should be forwarded from any 111.111.111.111 box over (10.0.0.2/3/4) to 10.0.0.1. – Ne00n Apr 30 '18 at 21:31
