# Multiple Gateways / One Web Server



## dipdill (May 23, 2012)

After banging my head against a wall now for a few weeks... I need some help from some smarter people.

Here is what I have:

Gateway 1:
Nic 1 - 132.201.115.xxx (Natd interface to forward port 80 to 192.168.1.25)
Nic 2 - 192.168.1.1

Gateway 2: 
Nic 1 - 68.95.216.xxx (Natd interface to forward port 80 to 192.168.1.25)
Nic 2 - 192.168.1.2

Web server:
Nic 1 - 192.168.1.25

If I set the default gateway on the web server to 192.168.1.2 all traffic flows in and out of that gateway just fine.  Traffic from 192.168.1.1 goes dead and vice versa.

So after looking around I see there is an option to do multiple route tables if I compile it into the kernel.  My question is if I compile routetables into the kernel, how do I configure the server so that when it sees traffic from 192.168.1.1 to send it back to 192.168.1.1 and if it sees traffic from 192.168.1.2 to send it back to 192.168.1.2.

Also there is a network that has access to both interfaces.  Thatâ€™s where the real problem is at right now.  Otherwise I would just use route statements to route back to the appropriate gateway.

Thanks for the help.


----------



## pacija (May 23, 2012)

While there surely is a way to accomplish this by means of scripting acrobatics, i suggest you do as follows:

Obtain AS Number / IP address pool from LIR in your area (i got /24 for my company for 150 EUR per year)
Check with your providers if they would do BGP peering with you. If not, switch providers.
You will need two machines (for this purpose i use OpenBSD because OpenBGPD and PF but probably FreeBSD will be equally appropriate). One of them will be facing Internet and will have 3 interfaces: isp1, isp2 and DMZ. The other will be facing your LAN and will have 2 interfaces: LAN and DMZ. Firewalls' DMZ interfaces will be connected via switch which will connect web server as well. Both DMZ interfaces and the server will have public IPs from your pool.
Configure BGP and no NAT on Internet facing firewall. Configure NAT on LAN facing firewall.


----------

