Re: Multihomed Masquerading, routing and iptables

Linux Advanced Routing and Traffic Control

On Tuesday 06 Jan 2004 01:49, Rio Martin wrote:
> > > > > Hmm. Just replace -j MASQUERADE with -j SNAT? Will that not break
> > > > > other things?
> > > >
> > > > -j SNAT your_ip
> > >
> > > Or rather -j SNAT --to-source your_ip. I get it. I'll check if that
> > > works better than masquerading.
> >
> > Just tried it - no difference. Packets still come out with source IP
> > address not matching the interface. :-(
>
> Try switching it manually. First, set it up without iproute. Remove all the
> tables you have created and flush it. Try with ISP1 first. Do SNAT --to
> ip.of.ISP1
> Does it work? Okay, now switch to ISP2. Do SNAT --to ip.of.ISP2.
> It should work; otherwise something is wrong with the kernel or iptables
> you have on your machine.
>
> Finish this step first, report back to the list.

If one of the default routes is removed, everything works OK. However, if 
there are two default routes, packets get misdirected. ChangeLog for 2.4.21 
lists a few conntrack bug fixes, which I suspect to be the cause of this. 
Basically, the non-deterministic default route selection/rotation seems to 
take precedence over maintaining the same interface for serving a particular 
established connection through the firewall.

I'm compiling a new clean 2.4.24 with the jumbo routes patch at the moment, 
which will hopefully fix things. I'm hoping to try it out tonight. And BTW, 
the latest RH9 kernel released yesterday (2.4.20-28.9 IIRC), is still broken 
as far as routing is concerned.

Gordan
_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
