[LARTC] routing problem

Linux Advanced Routing and Traffic Control


 



On Tue, Mar 05, 2002 at 09:25:58AM +0530, suresh wrote:
> I have a routing problem using Adv Routing.
> Let me explain with the exact flow of packets from my LAN to the INTERNET
> 
>                 I N T E R N E T
>                 /                     \
>     -------------             -------------
>     | a.b.c.e      |              | w.x.y.u     |
>     |  router1    |              |   router2    |
>     -------------             -------------
>                \                   /
>                 \                /
>                  \             /
>                   -----------
>                   |   Switch  |
>                   -----------
>                        |
>                        |
>                        |
>                       eth1                eth1 a.b.c.d     gw a.b.c.e
>                  --------------       eth1:0 w.x.y.z  gw w.x.y.u
>                  |                   |
>                  |    linux        |
>                  |                   |
>                  --------------        eth0 172.16.1.1
>                     eth0                    eth0:0 192.168.1.1
>                         |
>                         |
Rephrased: eth0 is local, eth1 is internet?
eth0: 172.16.1.1/24 and 192.168.1.1/24
eth1: w.x.y.z/28 and a.b.c.d/28

> I want to forward all packets from the 172.16.1.0/24 network to router1
> and from the 192.168.1.0/24 network to router2.
> 
> In the linux box I am doing advanced routing and iptables.
> Here I am using iptables just for masquerading.
> The rules are:
> #/sbin/iptables -t nat -A POSTROUTING -o eth0 -p icmp --icmp-type ping -s 0/0 -d  0/0 -j MASQUERADE
> #/sbin/iptables -t nat -A POSTROUTING -o eth0 -p tcp -s 0/0 -d 0/0 -j MASQUERADE
So you are really masquerading internet traffic, so that traffic from
the internet looks like local traffic?
Don't you mean:
/sbin/iptables -t nat -A POSTROUTING -o eth1 -p icmp --icmp-type ping -s  0/0 -d  0/0 -j MASQUERADE
In other words: icmp traffic going to the internet should be masqueraded?

But now for the next thing in problem solving:
1) flush your iptables.
2) start these:
tcpdump -n -e -i eth0
tcpdump -n -e -i eth1

3) ping from the 192.168.1.0 network a few times (it will not be answered).
Watch the outgoing traffic on eth1
4) ping from the 172.16.1.0 network a few times.
Watch the outgoing traffic on eth1

At this point it should start sending the icmp request to the different
routers. The *only* way to notice this is the mac address to which it
is sent!

If that is correct, then your ip stuff is correct. Your next target is
the iptables.

Enter this:
/sbin/iptables -t nat -A POSTROUTING -o eth1 -p icmp --icmp-type ping -s  0/0 -d  0/0 -j MASQUERADE

And try the pings again. Watch the mac, and the ip addresses.
You will see that masqueraded packets "arrive" two times at the interface,
once masqueraded, and once demasqueraded.

If one of these steps does not do as I say, please cut and paste your
terminal output.
(That means tcpdumps etc...)
-- 
<ard@telegraafnet.nl> Telegraaf Elektronische Media  http://wwwijzer.nl
http://leerquoten.monster.org/ http://www.faqs.org/rfcs/rfc1855.html 
Let your government know you value your freedom. Sign the petition:
http://petition.eurolinux.org/
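
The check in steps 3 and 4 of the reply above (iptables flushed, so packets leaving eth1 still carry their LAN source addresses) can be scripted. This is an added example, not part of the original message: it reads `tcpdump -n -e -i eth1` output and reports which destination MAC each LAN's echo requests were sent to. The MAC addresses and the ping target in the sample capture are constructed, and the line layout assumed is the one current tcpdump releases print.

```python
import ipaddress
import re
from collections import defaultdict

LANS = ["172.16.1.0/24", "192.168.1.0/24"]  # the two LANs named in the thread

# Link-level header from `tcpdump -n -e`, then the IPv4 source of an echo request.
LINE_RE = re.compile(
    r"(?P<smac>[0-9a-f:]{17}) > (?P<dmac>[0-9a-f:]{17}), ethertype IPv4 .*?: "
    r"(?P<src>\d+\.\d+\.\d+\.\d+) > (?P<dst>\d+\.\d+\.\d+\.\d+): ICMP echo request",
    re.IGNORECASE,
)

def next_hop_macs(lines, lans=LANS):
    """Map each LAN to the set of destination MACs its echo requests were sent to."""
    nets = [ipaddress.ip_network(n) for n in lans]
    seen = defaultdict(set)
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # ARP, echo replies, non-ICMP traffic
        src = ipaddress.ip_address(m["src"])
        for net in nets:
            if src in net:
                seen[str(net)].add(m["dmac"].lower())
    return dict(seen)

def split_is_correct(lines, lans=LANS):
    """True only if every LAN was seen, each used one next-hop MAC, and the MACs differ."""
    seen = next_hop_macs(lines, lans)
    if set(seen) != {str(ipaddress.ip_network(n)) for n in lans}:
        return False  # a LAN produced no echo requests in the capture
    if any(len(macs) != 1 for macs in seen.values()):
        return False  # one LAN is being sent to more than one router
    return len(set.union(*seen.values())) == len(lans)

# Constructed capture: ..:10 is the Linux box's eth1, ..:01 and ..:02 stand for the two routers.
SAMPLE = [
    "10:00:00.500000 02:00:00:00:00:10 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 198.51.100.1 tell 198.51.100.2, length 28",
    "10:00:01.000001 02:00:00:00:00:10 > 02:00:00:00:00:01, ethertype IPv4 (0x0800), length 98: 172.16.1.20 > 198.51.100.7: ICMP echo request, id 1, seq 1, length 64",
    "10:00:02.000001 02:00:00:00:00:10 > 02:00:00:00:00:02, ethertype IPv4 (0x0800), length 98: 192.168.1.30 > 198.51.100.7: ICMP echo request, id 2, seq 1, length 64",
]

if __name__ == "__main__":
    for lan, macs in sorted(next_hop_macs(SAMPLE).items()):
        print(lan, "->", ", ".join(sorted(macs)))
    print("split correct:", split_is_correct(SAMPLE))
```

Once the MASQUERADE rule is in place the source address on eth1 is rewritten, so this check applies only to the capture taken before the rule is added.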

