I have two ISPs (IS1 and IS2) and 2 Devil Linux boxes that act as (Shorewall based) routers/firewalls for both ISPs (DL1 and DL2).
These connect to a DMZ switch, where I have a CentOS based authentication server connected.
    +-----+          +-----+
    | IS1 |          | IS2 |
    +-----+          +-----+
       |                |
    +-----+          +-----+
    | DL1 |          | DL2 |
    +-----+          +-----+
       |                |
    +-----------------------+
    |      DMZ Switch       |
    +-----------------------+
               |
        +-------------+
        | Auth. Serv. |
        +-------------+
When users login from home, the authentication server MUST know the IP address of the user. So instead of giving me a DMZ IP address of the DL1 or DL2, it gives me the public address of the user.
But, if I set the default gateway on the Authentication server to be DL1, when users try to login using DL2, they cannot, because the reply to their request is going through DL1 and IS1 instead of IS2.
I have set up Shorewall on DL1 to do one-to-one NAT to the auth. server and it was working well, until I decided to add another ISP.
So what can I do, either on DL1 and DL2 or the auth. server to let my users login using both ISPs?
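One way to handle this on the auth. server itself, added here as an example and not part of the original post: give the server two DMZ addresses, have DL1 one-to-one NAT its public address to the first and DL2 to the second, and use Linux policy routing so that a reply sourced from the DL1-mapped address always leaves via DL1 and a reply sourced from the DL2-mapped address always leaves via DL2. The addresses, interface name and routing-table numbers below are constructed placeholders, not values from the question; substitute the real DMZ values.

```shell
#!/bin/sh
# Source-based policy routing on the CentOS auth server (added example, not the
# poster's configuration). Assumes the server has two addresses on eth0:
# 10.0.0.10 is the address DL1 NATs its public IP to, 10.0.0.11 the one DL2
# uses. All addresses are constructed placeholders.
DMZ_IF=eth0
DMZ_NET=10.0.0.0/24
AUTH_IP_VIA_DL1=10.0.0.10
AUTH_IP_VIA_DL2=10.0.0.11
DL1_GW=10.0.0.1
DL2_GW=10.0.0.2

# DRY_RUN=1 prints the commands instead of executing them, so the rule set can
# be reviewed before it is applied with root privileges.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# One routing table per gateway, selected by the source address of the packet
# the server sends. A reply keeps the destination address of the request, so
# the packet that arrived via DL1's NAT is answered from 10.0.0.10 and routed
# through table 101, never through DL2.
policy_routes() {
    # Table 101: replies from the DL1-mapped address go out via DL1.
    run ip route add "$DMZ_NET" dev "$DMZ_IF" src "$AUTH_IP_VIA_DL1" table 101
    run ip route add default via "$DL1_GW" dev "$DMZ_IF" table 101
    run ip rule add from "$AUTH_IP_VIA_DL1" lookup 101 priority 101

    # Table 102: replies from the DL2-mapped address go out via DL2.
    run ip route add "$DMZ_NET" dev "$DMZ_IF" src "$AUTH_IP_VIA_DL2" table 102
    run ip route add default via "$DL2_GW" dev "$DMZ_IF" table 102
    run ip rule add from "$AUTH_IP_VIA_DL2" lookup 102 priority 102

    # Locally originated traffic (package updates, DNS) that is not a reply to
    # a client still needs an ordinary default route in the main table.
    run ip route replace default via "$DL1_GW" dev "$DMZ_IF"
}

# Verification helper: ask the kernel which gateway it would pick for a reply
# to a given remote address sent from a given local address. Run after the
# rules are installed, e.g. check_reply_path 203.0.113.5 10.0.0.11 should
# report "via 10.0.0.2" (203.0.113.5 is a documentation address standing in
# for a home user).
check_reply_path() {
    ip route get "$1" from "$2" iif "$DMZ_IF"
}
```

The same idea can be applied with a single server address by marking connections according to which router's MAC address the request arrived from (iptables CONNMARK plus an `ip rule fwmark`), but the two-address variant above is simpler to reason about and easier to verify with `ip route get`. The NAT side stays as in the question: DL1 maps its public address to the first DMZ address, and DL2 maps its public address to the second.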