Re: fwmark routing of locally generated packets

Linux Advanced Routing and Traffic Control

Hi,
Brad Barnett (bb@xxxxxxx) wrote on 2003-11-01:
> We have the same problem. ;)  You're right, it doesn't make any sense.

Yeah, that's what I feel. Unfortunately, my message to linux-netdev went
unnoticed, and I don't really know of any reference against which to
compare whether the current behaviour is intended or not.

> Can anyone elaborate??  My setup is virtually identical to what Thomas
> has.  However, I'm using IPMASQ on my outgoing connection, so I am able to
> see that the problem exists even without using SNAT. 

This is what I do currently, and it seems to work. This is from an ip-up
script for my PPP link:

ip route flush table aonc
ip route add $GWIP dev $PPP_IFACE src $PPP_LOCAL table aonc
# local for DNS etc
ip route add 192.168.1.0/24 dev eth0 src 192.168.1.1 table aonc
# internet via PPP link
ip route add default via $PPP_REMOTE src $PPP_LOCAL table aonc
ip rule add fwmark 3 lookup aonc

# owner tagging
iptables -t mangle -A OUTPUT -m owner --uid-owner freenet -j MARK --set-mark 3
# SNAT for outgoing packets
iptables -A POSTROUTING -t nat -o $PPP_IFACE --match mark --mark 0x03 -j SNAT --to-source $PPP_LOCAL
# DNAT for incoming packets
iptables -t nat -A PREROUTING -i $PPP_IFACE  -d $PPP_LOCAL -j DNAT --to-destination 192.168.1.1
ip route flush cache

However, this feels like a very bad hack - the final DNAT makes the
interface unusable for other purposes, and the interaction between the
sockets' addresses and the packets' addresses is too complicated for my
taste. It's okay for my home network, but I wouldn't want to run this
productively.

ciao,
-- 
[*Thomas  Themel*] Our national shield displays a lion with two tails. It's
[extended contact] rumoured that it symbolizes the nature of our governments;
[info provided in] that there actually were two lions, but one is now stuck
[*message header*] deep in the ass of the other one.  - Thomas Shaddack
_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
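The set-up from the post above, rewritten as an added example (not Thomas Themel's script and not part of the LARTC HOWTO): an ip-up style helper that builds the fwmark routing table, the owner-based MARK rule and the SNAT/DNAT pair as a function, with a dry-run mode so the generated command list can be inspected without root or a live PPP link. The table name "aonc", mark 3 and user "freenet" come from the post; GWIP (assumed to default to PPP_REMOTE), the LAN values, the DRY_RUN/TABLE/MARK/OWNER variables and the function name are assumptions. It also handles the case the post's script does not: ip-up runs on every reconnect, so existing rules are deleted before being re-added instead of being stacked.

```shell
#!/bin/sh
# Added example (not Thomas Themel's script): fwmark policy routing for one
# user's traffic, built as a function with a dry-run mode.  Table "aonc",
# mark 3 and user "freenet" come from the post; everything else is assumed.

DRY_RUN="${DRY_RUN:-1}"   # 1 = print the commands only, 0 = execute them

run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Usage: setup_fwmark_routing PPP_IFACE PPP_LOCAL PPP_REMOTE GWIP [LAN_NET LAN_IP LAN_IFACE]
# pppd's ip-up exports the first three; GWIP is the PPP gateway address that
# must stay reachable through the link itself (assumed to equal PPP_REMOTE).
setup_fwmark_routing() {
    ppp_iface="$1"; ppp_local="$2"; ppp_remote="$3"; gwip="$4"
    lan_net="${5:-192.168.1.0/24}"; lan_ip="${6:-192.168.1.1}"; lan_iface="${7:-eth0}"
    table="${TABLE:-aonc}"; mark="${MARK:-3}"; user="${OWNER:-freenet}"

    # Refuse to build a half-configured table if ip-up did not hand us everything.
    if [ -z "$ppp_iface" ] || [ -z "$ppp_local" ] || [ -z "$ppp_remote" ] || [ -z "$gwip" ]; then
        echo "setup_fwmark_routing: PPP_IFACE, PPP_LOCAL, PPP_REMOTE and GWIP are required" >&2
        return 1
    fi

    # Routing table consulted only for packets that carry the mark.
    run ip route flush table "$table"
    run ip route add "$gwip" dev "$ppp_iface" src "$ppp_local" table "$table"
    run ip route add "$lan_net" dev "$lan_iface" src "$lan_ip" table "$table"   # LAN (DNS etc.)
    run ip route add default via "$ppp_remote" src "$ppp_local" table "$table"

    # Remove a stale rule first: 'ip rule add' would otherwise stack an
    # identical rule on every reconnect.
    run ip rule del fwmark "$mark" lookup "$table" 2>/dev/null || true
    run ip rule add fwmark "$mark" lookup "$table"

    # Mark locally generated packets by socket owner (delete-then-append keeps
    # the netfilter rules idempotent across reconnects as well).
    run iptables -t mangle -D OUTPUT -m owner --uid-owner "$user" -j MARK --set-mark "$mark" 2>/dev/null || true
    run iptables -t mangle -A OUTPUT -m owner --uid-owner "$user" -j MARK --set-mark "$mark"

    # SNAT marked packets leaving the PPP link to its local address.
    run iptables -t nat -D POSTROUTING -o "$ppp_iface" -m mark --mark "$mark" -j SNAT --to-source "$ppp_local" 2>/dev/null || true
    run iptables -t nat -A POSTROUTING -o "$ppp_iface" -m mark --mark "$mark" -j SNAT --to-source "$ppp_local"

    # DNAT replies back to the LAN address.  As the post notes, this claims the
    # whole PPP address for the LAN host, so nothing else can listen on it.
    run iptables -t nat -D PREROUTING -i "$ppp_iface" -d "$ppp_local" -j DNAT --to-destination "$lan_ip" 2>/dev/null || true
    run iptables -t nat -A PREROUTING -i "$ppp_iface" -d "$ppp_local" -j DNAT --to-destination "$lan_ip"

    run ip route flush cache
}

# When sourced from ip-up (PPP_IFACE set), build the set-up; export DRY_RUN=0
# to actually apply it.  Outside ip-up nothing runs, so the file can be
# inspected or tested safely.
if [ -n "${PPP_IFACE:-}" ]; then
    setup_fwmark_routing "$PPP_IFACE" "$PPP_LOCAL" "$PPP_REMOTE" "${GWIP:-$PPP_REMOTE}"
fi
```

Running it with DRY_RUN unset prints the exact command sequence for the given addresses, which is a convenient way to review what will be applied before letting ip-up execute it; the delete-before-add pattern is what stops a second PPP reconnect from leaving two fwmark rules and duplicate NAT entries behind.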
