Re: [LARTC] local address routeable?

Linux Advanced Routing and Traffic Control

	Hello,

On Mon, 7 Jul 2003, Christian Stuellenberg wrote:

> I've got a problem to set up a configuration that should allow to route
> packets that come in over a certain interface(s) IF1 that then should
> go out to another interface IF2 but are addressed to the local address
> of interface IF3.  So only if packets for the address of interface IF3
> come in over interface IF3 they should be locally accepted.

	Yes, you have a big problem. Starting from kernels 2.4
and above the routing requires valid source IPs for output
routes. Even if you deliver the incoming traffic locally, your
servers cannot generate a reply if the src IP is not a local IP.
What I do not understand from your posts is what the main
goal is. Also, what does "..." mean? Please draw a picture with all
wires and all kinds of hardware involved: hubs, routers, subnets.

>             +------+
> +---IF2/IP2-| HOST |-IF1/IP1---...LAN
> .           +------+
> .              |
> .           IF3/IP3
> |              |
> |              |
> |              |
> +-Internet--...+

> If I'm right, this should tell me, that the kernel now no longer can
> recognize its IP3?!

	Yes, the routing code does additionally look up
IPs configured on interfaces (yet). The routing decisions are
based on:

- routing table lookups
- IP lookups and checks

> So, is it possible to do what I wanted to do or did I do something
> not the right way?

	I'm not sure there is a right way. The task is not trivial.
Maybe in some next kernel that allows the admin to create any
route and not to apply any IP checks. You now do not have the
full right to add any routes, that is the problem. You cannot
control the spoofing checks when saddr=local_IP, the preferred
src IP must be a local IP.

> I'm sorry if this question has been asked over and over again, but I
> have googled and looked into the archives but haven't found a solution
> that fits my needs.
>
> Best regards,
> Christian

Regards

--
Julian Anastasov <ja@xxxxxx>


