What is required in order to force a Windows 2000 host to always route
outbound IP packets to the same interface that they came in on? We have
a mail server that we want to connect to two different ISP networks
simultaneously, and for this to work as we want it to, outbound packets
should go back through the same ISP network they came in.

--
Will
westes AT earthbroadcast.com

Outbound traffic will follwing the routing table which in W2K can contain only
one active default gateway at a time. You can configure specific routes if you
do not want that traffic to go to the default gateway. Use "route print" to view
the routing table. I noticed that Linksys has a new nat router that can use two
ISP connections at the same time to balance internet traffic if something like
that would help. --- Steve

http://www.linksys.com/products/prod...id=29&prid=589

"CHANGE USERNAME TO westes" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> What is required in order to force a Windows 2000 host to always route
> outbound IP packets to the same interface that they came in on? We have
> a mail server that we want to connect to two different ISP networks
> simultaneously, and for this to work as we want it to, outbound packets
> should go back through the same ISP network they came in.
>
> --
> Will
> westes AT earthbroadcast.com
>
>

I don't need to load balance at all, so that isn't the issue.

Route tables won't help here. I don't need to make decisions based on
where the packet is *going*. I need to make decisions based on which
interface the packet *arrived from*.

Is there any firewall I could run on a Windows 2000 host that would let me
affect routes based on which interface a packet arrives on?

--
Will
westes AT earthbroadcast.com



"Steven Umbach" <(E-Mail Removed)> wrote in message
news:yFwpc.8361$qA.921291@attbi_s51...
> Outbound traffic will follwing the routing table which in W2K can contain
only
> one active default gateway at a time. You can configure specific routes if
you
> do not want that traffic to go to the default gateway. Use "route print"
to view
> the routing table. I noticed that Linksys has a new nat router that can
use two
> ISP connections at the same time to balance internet traffic if something
like
> that would help. --- Steve
>
> http://www.linksys.com/products/prod...id=29&prid=589
>
> "CHANGE USERNAME TO westes" <(E-Mail Removed)> wrote in
message
> news:(E-Mail Removed)...
> > What is required in order to force a Windows 2000 host to always route
> > outbound IP packets to the same interface that they came in on? We
have
> > a mail server that we want to connect to two different ISP networks
> > simultaneously, and for this to work as we want it to, outbound packets
> > should go back through the same ISP network they came in.
> >
> > --
> > Will
> > westes AT earthbroadcast.com
> >
> >
>
>

Hi Will.

Not that I know of. W2K uses the routing table to make those decisions. --- Steve


"CHANGE USERNAME TO westes" <(E-Mail Removed)> wrote in message
news:FaGdndYqSbWbOzrdRVn-(E-Mail Removed)...
> I don't need to load balance at all, so that isn't the issue.
>
> Route tables won't help here. I don't need to make decisions based on
> where the packet is *going*. I need to make decisions based on which
> interface the packet *arrived from*.
>
> Is there any firewall I could run on a Windows 2000 host that would let me
> affect routes based on which interface a packet arrives on?
>
> --
> Will
> westes AT earthbroadcast.com
>
>
>
> "Steven Umbach" <(E-Mail Removed)> wrote in message
> news:yFwpc.8361$qA.921291@attbi_s51...
> > Outbound traffic will follwing the routing table which in W2K can contain
> only
> > one active default gateway at a time. You can configure specific routes if
> you
> > do not want that traffic to go to the default gateway. Use "route print"
> to view
> > the routing table. I noticed that Linksys has a new nat router that can
> use two
> > ISP connections at the same time to balance internet traffic if something
> like
> > that would help. --- Steve
> >
> > http://www.linksys.com/products/prod...id=29&prid=589
> >
> > "CHANGE USERNAME TO westes" <(E-Mail Removed)> wrote in
> message
> > news:(E-Mail Removed)...
> > > What is required in order to force a Windows 2000 host to always route
> > > outbound IP packets to the same interface that they came in on? We
> have
> > > a mail server that we want to connect to two different ISP networks
> > > simultaneously, and for this to work as we want it to, outbound packets
> > > should go back through the same ISP network they came in.
> > >
> > > --
> > > Will
> > > westes AT earthbroadcast.com
> > >
> > >
> >
> >
>
>

Understood. And firewalls like Checkpoint that use Windows IP routing are
subject to playing by Windows' rules. But is there a firewall that does
*not* use Windows IP routing, that maybe implements its own IP stack, and
can do much fancier kinds of routing based on rulesets?

--
Will
westes AT earthbroadcast.com


"Steven L Umbach" <(E-Mail Removed)> wrote in message
news:fVOpc.61230$xw3.3613046@attbi_s04...
> Hi Will.
>
> Not that I know of. W2K uses the routing table to make those
cisions. --- Steve

It isn't "Windows Routing",....there is no such thing anyway.

It is TCP/IP routing, and it is across the board for all products. What you
see is simply the way TCP/IP Routing works.

The reason some devices do what you describe is because of packet processing
abilities that go beyond Layer3 routing, so it is *not* "routing" that you
are descibing.

"CHANGE USERNAME TO westes" <(E-Mail Removed)> wrote in
message news:(E-Mail Removed)...
> Understood. And firewalls like Checkpoint that use Windows IP routing
are
> subject to playing by Windows' rules. But is there a firewall that does
> *not* use Windows IP routing, that maybe implements its own IP stack, and
> can do much fancier kinds of routing based on rulesets?

--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

Phil, when I say "Windows Routing" what I more precisely mean is the
Microsoft Windows 2000 implementation of IP routing.

Most IP stack implementations provide for a default outgoing route. But
there is nothing in the RFCs that would prevent a vendor from implementing
an option on an IP stack implementation something like "send outbound
packets on same interface as incoming". Moreover, one could imagine an
implementation where each interface has its own routing table. That would
be very useful for some applications.

Regarding going beyond layer 3: Checkpoint's firewall does modify packet
headers based on higher levels of abstraction than IP. But what many
people don't realize is that Checkpoint just re-uses the standard Windows
2000 routing when it finally delivers a packet to an interface. That is
the source of a lot of hassle by the way, since you end up having to create
static arp entries for each of the incoming IP addresses that the firewall
will service.

In any case, it doesn't matter to me whether a box uses its own IP stack, or
whether it uses the standard Windows 2000 IP stack and uses higher level
abstractions to change the source IP to make the packet look like it came
from a different host based on the interface the original packet arrived at.
I just want to find a solution to a specific problem.

--
Will
westes AT earthbroadcast.com



"Phillip Windell" <@.> wrote in message
news:(E-Mail Removed)...
> It isn't "Windows Routing",....there is no such thing anyway.
>
> It is TCP/IP routing, and it is across the board for all products. What
you
> see is simply the way TCP/IP Routing works.
>
> The reason some devices do what you describe is because of packet
processing
> abilities that go beyond Layer3 routing, so it is *not* "routing" that
you
> are descibing.
>
> "CHANGE USERNAME TO westes" <(E-Mail Removed)> wrote in
> message news:(E-Mail Removed)...
> > Understood. And firewalls like Checkpoint that use Windows IP routing
> are
> > subject to playing by Windows' rules. But is there a firewall that
does
> > *not* use Windows IP routing, that maybe implements its own IP stack,
and
> > can do much fancier kinds of routing based on rulesets?
>
> --
>
> Phillip Windell [MCP, MVP, CCNA]
> www.wandtv.com
>
>

"CHANGE USERNAME TO westes" <(E-Mail Removed)> wrote in
message news:EMydnfwIJ9W5cTXdRVn-(E-Mail Removed)...
> In any case, it doesn't matter to me whether a box uses its own IP stack,
or
> whether it uses the standard Windows 2000 IP stack and uses higher level
> abstractions to change the source IP to make the packet look like it came
> from a different host based on the interface the original packet arrived
at.
> I just want to find a solution to a specific problem.

I understand. Well, I don't think there is a solution within the parameters
you are looking for a solution. However, I don't have any past messages from
this thread, so I really don't have any "context" or description of your
situation.

--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

I have one mail server that I want to make look like two different hosts,
each with unique MX records. Each MX record corresponds to a public IP
address on a different ISPs network. Outside hosts will initiate sessions
to our server on the two different IP addresses. I need to make sure that
any packets returned by the mail server go back out on the same interface
they came in.

--
Will
westes AT earthbroadcast.com


"Phillip Windell" <@.> wrote in message
news:%(E-Mail Removed)...
>
> "CHANGE USERNAME TO westes" <(E-Mail Removed)> wrote in
> message news:EMydnfwIJ9W5cTXdRVn-(E-Mail Removed)...
> > In any case, it doesn't matter to me whether a box uses its own IP
stack,
> or
> > whether it uses the standard Windows 2000 IP stack and uses higher level
> > abstractions to change the source IP to make the packet look like it
came
> > from a different host based on the interface the original packet arrived
> at.
> > I just want to find a solution to a specific problem.
>
> I understand. Well, I don't think there is a solution within the
parameters
> you are looking for a solution. However, I don't have any past messages
from
> this thread, so I really don't have any "context" or description of your
> situation.
>
> --
>
> Phillip Windell [MCP, MVP, CCNA]
> www.wandtv.com
>
>

"CHANGE USERNAME TO westes" <(E-Mail Removed)> wrote in
message news:KeOdnaHRvZZIpjfdRVn-(E-Mail Removed)...
> I have one mail server that I want to make look like two different hosts,
> each with unique MX records. Each MX record corresponds to a public IP
> address on a different ISPs network. Outside hosts will initiate
sessions
> to our server on the two different IP addresses. I need to make sure
that
> any packets returned by the mail server go back out on the same interface
> they came in.

That won't happen. It doesn't need to happen either, it's kind of pointless
with a mail server anyway. Outbound traffic is always anonymous between your
mail server and the destination mail server. The only important thing is
that the mail server response to Incomming on the same IP# listed in the MX
record. You can also make the mail server look like "two hosts" by having
both MX records point to the same IP# incomming. Worrying about what IP# is
being used in either direction is really the wrong approach.

--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com