ip route nat madness.

Linux Advanced Routing and Traffic Control


Hello list.

I may go crazy without your help. I'm not a newbie, but...

Everything worked with the 2.4 kernel, but now that I have had to move to 2.6.8.1 it does not.

I'm using "ip route nat 231.222.222.111 via 172.16.1.13" to substitute the inet address 231.222.222.111 with 172.16.1.13 during routing. Look at the output:
_____________
myhost log # ip route list table local
broadcast 127.255.255.255 dev lo  proto kernel  scope link  src 127.0.0.1
local 172.16.0.1 dev eth1  proto kernel  scope host  src 172.16.0.1
broadcast 172.16.0.0 dev eth1  proto kernel  scope link  src 172.16.0.1
broadcast 231.222.222.111 dev eth0  proto kernel  scope link  src 231.222.222.111
broadcast 231.222.222.111 dev eth0  proto kernel  scope link  src 231.222.222.111
local 231.222.222.111 dev eth0  proto kernel  scope host  src 231.222.222.111
broadcast 172.16.255.255 dev eth1  proto kernel  scope link  src 172.16.0.1
broadcast 127.0.0.0 dev lo  proto kernel  scope link  src 127.0.0.1
nat 231.222.222.111 via 172.16.1.13  scope host
local 127.0.0.1 dev lo  proto kernel  scope host  src 127.0.0.1
local 127.0.0.0/8 dev lo  proto kernel  scope host  src 127.0.0.1

myhost log # ip rule
0:      from all lookup local
323:    from 172.16.1.13 lookup main map-to 231.222.222.111
32766:  from all lookup main
32767:  from all lookup default
_______________________

So I'm trying to translate the local address 172.16.1.13 to 231.222.222.111.

And that was working under the 2.4 kernel. But now I have to move to the 2.6 kernel, and it's not working.

I've used these commands:
ip route add nat 231.222.222.111 via 172.16.1.13
ip rule add prio 323 from 172.16.1.13 nat 231.222.222.111

!!! To be sure that it is a kernel problem, I've added these two rules at the very beginning of my FORWARD chain:
iptables -I FORWARD -s 172.16.1.13 -j LOG
iptables -I FORWARD -d 231.222.222.111 -j LOG

Look, I have packets that should not be there:
Oct 27 00:30:04 rcline IN=eth1 OUT=eth0 SRC=172.16.1.13 DST=64.12.161.185 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=43039 DF PROTO=TCP SPT=1923 DPT=5190 WINDOW=65535 RES=0x00 SYN URGP=0
Oct 27 00:30:04 rcline IN=eth0 OUT=eth1 SRC=83.102.131.142 DST=231.222.222.111 LEN=84 TOS=0x00 PREC=0x00 TTL=59 ID=2990 DF PROTO=ICMP TYPE=8 CODE=0 ID=22310 SEQ=2991

No substitution of either the destination or the source address!!!

Please help me to make this work. I've tried the 2.6.9 kernel, but it seems there is no "IP: fast network address translation". Why? Is the feature already deprecated?

Some advice on how to solve this problem is very welcome.

Sorry for my bad English, it is not my native language.

Thank you for reading this cry for help. If you have any ideas... they are welcome...
_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
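
The check that the two FORWARD LOG rules in the post are used for, written out as an added example (not part of the original post): it parses netfilter LOG lines and reports which address the 1:1 mapping left untouched. It assumes, as the post does, that a translated packet would show the mapped address in the FORWARD chain; the function names and the third sample line are constructed for illustration.

```python
import re

# Static 1:1 mapping from the post: inside host <-> public address.
INSIDE, OUTSIDE = "172.16.1.13", "231.222.222.111"

# First two lines are the LOG entries quoted in the post; the third is a
# CONSTRUCTED line showing an outbound packet whose source was translated.
LOG_LINES = [
    "Oct 27 00:30:04 rcline IN=eth1 OUT=eth0 SRC=172.16.1.13 DST=64.12.161.185 "
    "LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=43039 DF PROTO=TCP SPT=1923 DPT=5190 "
    "WINDOW=65535 RES=0x00 SYN URGP=0",
    "Oct 27 00:30:04 rcline IN=eth0 OUT=eth1 SRC=83.102.131.142 DST=231.222.222.111 "
    "LEN=84 TOS=0x00 PREC=0x00 TTL=59 ID=2990 DF PROTO=ICMP TYPE=8 CODE=0 "
    "ID=22310 SEQ=2991",
    "Oct 27 00:30:05 rcline IN=eth1 OUT=eth0 SRC=231.222.222.111 DST=64.12.161.185 "
    "LEN=48 TTL=127 ID=43040 PROTO=TCP SPT=1923 DPT=5190 SYN",  # constructed
]

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

def parse(line):
    """Return the KEY=value fields of one netfilter LOG line as a dict."""
    fields = {}
    for key, value in FIELD.findall(line):
        # ICMP lines carry ID= twice (IP ID, then ICMP echo ID); keep the first.
        fields.setdefault(key, value)
    return fields

def untranslated(fields, inside=INSIDE, outside=OUTSIDE):
    """Name the address the static NAT should have rewritten but did not."""
    if fields.get("SRC") == inside:
        return "source"        # outbound: SRC should already be `outside`
    if fields.get("DST") == outside:
        return "destination"   # inbound: DST should already be `inside`
    return None

def audit(lines):
    """Return (SRC, DST, finding) per line; finding is None when translated."""
    return [(f["SRC"], f["DST"], untranslated(f)) for f in map(parse, lines)]

if __name__ == "__main__":
    for src, dst, finding in audit(LOG_LINES):
        print(f"{src:>16} -> {dst:<16} {finding or 'ok'}")
```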
