Fabian Arrotin wrote:
> Filipe Brandenburger wrote:
>> Hi Fabian:
>>
>> On Tue, Jan 27, 2009 at 08:16, Fabian Arrotin <fabian.arrotin@xxxxxxxxxx> wrote:
>>> Question is : how can i "mangle" output packets to appear coming from
>>> public ip and not from 192.168.X.X ?
>> Found this that might help you (google for: linux default outgoing ip):
>>
>> """
>>> On a machine with multiple interfaces, is it possible to set the default
>>> outgoing IP address to something other than the address for the interface
>>> on the outgoing route?
>> Yes.
>>
>> ip route add 10.1.1.0/24 via 192.168.1.1 src 172.16.1.1
>> ^^^
>> The src parameter tells the routing code to use this address when sending
>> packets. The address only needs to be on the system. IE:
>>
>> ip addr add 172.16.1.1/32 dev dummy0
>>
>> And send the packets out of eth0.
>> """
>> From: http://lkml.indiana.edu/hypermail/linux/kernel/0112.1/0359.html
>>
>> Just make sure you keep a separate route for your ISP's side of the
>> private network (maybe the one created when your interface goes up
>> will do), otherwise your routing protocol might fail.
>>
>> HTH,
>> Filipe
>
> Hi Filipe,
>
> thanks for the link, i completely missed that point from the 'ip route'
> command.
> On the other hand, 10 minutes after i had sent my mail (and 3 coffee
> later to be precise) i saw also a picture from wikipedia
> (http://upload.wikimedia.org/wikipedia/fr/thumb/3/3e/Netfilter_schema.png/400px-Netfilter_schema.png)
> explaining how packets went through the different ip tables and it was
> directly clear : even packets leaving the local box (and being processed
> in the OUTPUT filter) are still processed in the nat table (postrouting
> filter) so a simple SNAT rule did the job perfectly too ;-) In fact it's
> the first time that i have to modify packets leaving a linux gateway and
> i thought that only packets being forwarded (and so traversing the
> FORWARD filter) could also being modified in the nat table ...
> I've also had a look in the sysconfig.txt file to see how your solution
> could be applied but it's still not very clear how that can be done. But
> using GATEWAYDEV=eth3 (eth3 having my public-ip/32 while eth3:1 having
> my 192.168.X.X/24 ip) in the /etc/sysconfig/network and declaring a
> GATEWAY=192.168.X.X (isp router ip) in the ifcfg-eth3:1 does also the
> job. But a `route -n` is strange though : " 0.0.0.0 0.0.0.0
> 0.0.0.0 U 0 0 0 eth3" like for the old ppp
> stuff
>
> So multiple ways to solve the initial question ...
>
one coffee cup later i see in sysconfig.txt documentation file for the
paramaters of ifcfg-<interface-name> : "SRCADDR= use the specified
source address for outgoing packets" .. so definitely resolved by
sysconfig files (so a clean solution)
--
--
Fabian Arrotin
idea=`grep -i clue /dev/brain` ; test -z "$idea" && echo "sorry, init
6 in progress" || sh ./answer.sh
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
