Re: 2 providers & DNAT: incoming packets not forwarded

Linux Advanced Routing and Traffic Control


Hi!
Maybe you need to set the /proc/sys/net/ipv4/ip_forward sysctl value to 1?

Best regards,
Alexander A. Naumov

On Thu, Feb 19, 2004 at 03:45:06PM +0100, Raphael Benedet wrote:
> Hi,
> 
> I have a problem with incoming connections on my Linux gateway.
> I have 2 providers, cable modem on eth1 and dsl on eth2 <-> ppp0 
> (pppoe). The lan network is connected to eth0. At the moment, I have a 
> very simple configuration where the default route is via eth1 (cable 
> modem). I set up DNAT on ppp0 to forward incoming traffic for certain 
> ports to a computer behind the gateway/firewall:
> iptables -t nat -A PREROUTING -i ppp0 -p tcp -m tcp --dport 2000 -j DNAT --to-destination 172.16.1.4
> Packets get lost and never reach the FORWARD chain (I logged all packets 
> to be sure)
> 
> Here are my routes:
> 
> # ip route ls
> 215.136.169.1 dev ppp0  proto kernel  scope link  src 215.136.169.15
> 135.165.199.128/25 dev eth1  proto kernel  scope link  src 135.165.199.139
> 172.16.0.0/16 dev eth0  proto kernel  scope link  src 172.16.1.1
> default via 135.165.199.129 dev eth1
> 
> So, I understand traffic by default goes via eth1, but why don't 
> incoming packets redirected (DNATed) to an intranet IP address go out 
> via eth0?
> If I change my default route in table main to go via ppp0, then, it 
> works. And DNATing on eth1 works with the current configuration.
> 
> I don't have any other routing tables nor complex routing rules:
> # ip rule ls
> 0:      from all lookup local
> 32766:  from all lookup main
> 32767:  from all lookup default
> 
> I am running kernel 2.4.23 with Julian's patches.
> 
> Any help would be greatly appreciated. Thank you.
> 
> Raph
> 
> 
> -- 
> 
> Raphael Benedet
> 3D Artists - raph.com
> "bringing art into the third dimension"
> 
> _______________________________________________
> LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/