Channel: General Networking

DNAT with Multiple Gateways on VYATTA CE6.5


I have been struggling for a week with what I believe to be a simple routing issue. I could really use some help.

In summary, I cannot seem to get DNAT to work when I have multiple gateways on my Vyatta Router, as my return traffic does not reliably use the same interface that it came in on. I end up with split traffic, with a connection coming in from one of my connections returning along another, with the result that nothing works.

I cannot believe that this cannot be solved!

A bit more detail is now required:

I have a Vyatta router running as a VMware virtual machine (VR1).

I have 3 ADSL connections. Vyatta CE does not allow me to connect these directly to Vyatta, so each of these 3 ADSL connections terminates on a simple Netgear Hardware router DG384 - one for each ADSL connection - call them WAN1, WAN2 and WAN3.

I have three webservers, S1, S2 and S3. (edit: these 3 webservers are for completely different sites. They are not a cluster)

I want to DNAT web traffic (port 80 and 443) that comes in on WAN1 to S1,

and DNAT port 80 and 443 traffic coming in on WAN2 to S2,

and port 80 and 443 traffic coming in on WAN3 to S3.

I want to send all traffic from WAN1, WAN2 and WAN3 to my VYATTA VR1, and have the VR1 DNAT the connections to each of S1, S2 and S3 based on which interface the traffic came in.

This much is working fine.

The problem is that the return traffic from S1, S2 or S3 goes to VR1, and VR1 has 3 gateways. VR1 then selects an outgoing gateway AT RANDOM, so that, 2/3 of the time, my connection fails because the return traffic does not emanate from the same IP that the incoming request was directed to.

In Linux this problem is solved using this method: http://tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.rpdb.multiple-links.html

However, as VYATTA works with these same settings, changes I make directly are either ignored or replaced on next configuration commit. I need to be able to solve the problem within the Vyatta framework.

So, does anyone who uses Vyatta have a similar setup? How do you solve this problem?
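
The Linux-level mechanism behind the symptom described in the post, as an added example that is not part of the original post and is not Vyatta configuration syntax: the uplink is recorded in the conntrack mark when a connection arrives and restored on the reply, so a policy-routing rule can send the reply out through the same uplink. The interface names, gateway addresses, mark values and table numbers are constructed assumptions.

```shell
#!/bin/sh
# Added example: pin DNAT reply traffic to the uplink the connection came in on.
# All names and numbers below are constructed assumptions, not from the post:
# LAN/WAN interface names, documentation-range gateway IPs, mark and table ids.
LAN_IF="eth0"
# One entry per uplink: wan_interface:gateway_ip:mark
UPLINKS="eth1:192.0.2.1:1 eth2:198.51.100.1:2 eth3:203.0.113.1:3"

# Print (do not run) the commands, so they can be reviewed before applying.
gen_rules() {
  for entry in $UPLINKS; do
    old_ifs=$IFS; IFS=:; set -- $entry; IFS=$old_ifs
    ifc=$1 gw=$2 mark=$3 table=$((100 + $3))
    # First packet of an inbound connection: store the uplink id in conntrack.
    echo "iptables -t mangle -A PREROUTING -i $ifc -m conntrack --ctstate NEW -j CONNMARK --set-mark $mark"
    # Per-uplink table holding only that uplink's default route.
    echo "ip route replace default via $gw dev $ifc table $table"
    # Packets carrying this mark are routed with the per-uplink table.
    echo "ip rule add fwmark $mark lookup $table"
    # Strict reverse-path filtering can drop inbound packets on uplinks
    # that are not the main-table default; use loose mode on each uplink.
    echo "sysctl -w net.ipv4.conf.$ifc.rp_filter=2"
  done
  # Replies from the servers enter on the LAN side: copy the connection's
  # mark onto the packet before the routing decision is made.
  echo "iptables -t mangle -A PREROUTING -i $LAN_IF -j CONNMARK --restore-mark"
}

# Usage: sh script.sh --print   (pipe the output to "sh -e" as root to apply)
if [ "${1:-}" = "--print" ]; then gen_rules; fi
```

Commands applied this way sit outside the router's own configuration system, so, as the post notes, they may be replaced on the next configuration commit.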
