i'm responsible for an isdn router, which doesn't work as i want and expected. Hopefully at least one of you can help us.
We have a private network (192.168.0.0/16) and a standard geteway with a dafault route to the internet-gateway (a nat-ing firewall).
|private net|-----|standard gateway| | | | |nating firewall|-----|internet | |locale services|
Now we want a special network get routed through an additional isdn router for a special subdomain of ours. the foreign network is also aviable over the intenet but has restrictions on some services form the internet
|private net|-----|standard gateway| | | | |isdn router|---(isdn)--|foreign dialin|--[-- | | [-- | |nating firewall|-----|internet|---------[-- | |locale services|
so the isdn route should decide by the source address (a privileged subdomain) which route the traffic goes and nat it if it goes through isdn
the nating is made with iptables i did the following:
rt_tables :
255 local 254 main 253 default 0 unspec 1 xyz
$ ip route add default via [dialin gw] dev ippp0 table xyz # ip rule add from [privileged ip-addr] to [target subnet] table xyz $ ip route flush cache $ echo 1 > /proc/sys/net/ipv4/conf/all/accept_source_route
the default route is routed to the standard nating firewall, so the normal traffic should go it's normal old way.
i can ping a host in the target subnet and also traceroute form the privileged host, but i don't get any connection to a web server.
there also is a strange behaviour (on the isdn gw):
$ ip route get [webserver in target net] [webserver in target net] dev ippp0 src [ippp0 ip] cache mtu 1500 advmss 1460 $ ip route get [webserver in target net] from [privileged ip] iif eth0 [webserver in target net] from [privileged ip] dev ippp0 src [eth0 ip] cache mtu 1500 advmss 1460 iif eth0
is this correct?
why does the icmp traffic goes the right way and the other doesn't?
thanks alot
Regards Lars Täuber