[LARTC] [REPOST] Help me: ipmasqadm and default gatway...

Linux Advanced Routing and Traffic Control

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Excuse me form reposting the quesiton, but I didn't find any solution.
Any suggestion is welcome

Hi,
I'm running a Debian 2.2r2 on a university server with 3 public ip o(1.1.1.1  
2.2.2.2 and 3.3.3.3 on one 
ethernet card (but soon we will have three cards).
There's a tunnel (implemented with vtund on a tun interface with local 
address 192.168.1.10 and remote 192.168.1.20) from this server to another 
server without public ip and behind a router.
I wanted to make the second server visible to the world, so I reserved one of 
the public addresses (say 2.2.2.2) for the job and I made an ipmasqadm portfw 
rule to redirect incoming packets on 1.1.1.1 port 80 to the remote address of 
the tunnel interface (192.168.1.20) on the same port.
Things are running. Packets are redirected from the public address to the 
private one and then, via tun interface, reach the "private server".
*BUT* packets are arriving un-masquearded, that's to say with the address of 
the host that requested the connection.
So to get things working I have to set the public server as default route on 
the masqueraded one, the thing it's not so good for me, 'cause the 
masqueraded server act as gateway for a sub-net and I don't want all the 
traffic being routed on the tunnel interface via the public server.
I think that the right way is to get packets being masqueraded from the 
public server with it's tunnel address, so that the masqueraded server will 
know where to send back packets. 

Any suggestion is really welcome.

As better explain than my english I add here some rules and info.
            HOST A                       HOST B 
       -----------                  --------------
I      |          |                 |            |
N    eth0        tun1            tun1            eth0
T ---1.1.1.1   192.168.1.10 --- 192.168.1.20     172.20.32.1 --- GATEWAY
E    eth0:1
R ---2.2.2.2
N
E
T

HOST A
#masq what is coming from HOST B
ipchains -A forward -s 192.168.1.20/32 -d 0.0.0.0/0  -j MASQ
#masq what goes to HOST B
#ipchains -A forward -s 0.0.0.0/0 -d 192.168.1.20/32 -l -j MASQ
#redirect
ipmasqadm portfw -a -P tcp -L 1.1.1.1 80 -R 192.168.1.20 80

HOST B
#172.16.32.1 #ROUTER/GATEWAY OF THE LAB
#how to reach the public end of the tunnel 
route add -host 2.2.2.2 gw 172.16.32.1


         Thanks a lot,

         gianpaolo
-- 
Un dottore distratto alla paziente: "E' stata a teatro ieri sera?".
"No, sono andata a letto presto".  "E c'era molta gente?".
		-- Da it.hobby.umorismo
[Index of Archives]     [LARTC Home Page]     [Netfilter]     [Netfilter Development]     [Network Development]     [Bugtraq]     [GCC Help]     [Yosemite News]     [Linux Kernel]     [Fedora Users]
  Powered by Linux