Hello.

I need your help. The problem is I cannot make route nat work with kernel 2.6, although in 2.4 everything works perfectly. If this is the wrong list to ask questions about this, please poke me in the right one.

So. I have a router with two network cards: eth0 (192.168.1.10) and eth1 (192.168.2.150). Kernel is 2.6.8.1. In the kernel all options and suboptions concerning "IP: advanced router" are enabled. I want to map a computer in the 192.168.2.0/24 subnet with IP 192.168.2.5 on 192.168.1.17 in the 192.168.1.0/24 subnet. I am not an artist, but maybe this graph can illustrate my situation:

      192.168.1.0/24 <..... nat ....> 192.168.2.0/24
<192.168.1.1>-----<192.168.1.10>router<192.168.2.150>-----<192.168.2.5>
                       eth0              eth1             host i want
<192.168.1.17>----------nat------------>                  to map
dummy address

So, following ip-cref written by Alexey Kuznetsov, first of all I issue the command:

nat router # ip route add nat 192.168.1.17 via 192.168.2.5

Now my router answers ARP for 192.168.1.17 and receives the packets for it. Then it even routes them from eth0 to eth1, BUT it does not nat the destination IP address. Look what one can see using tcpdump! I ping 172.16.1.17 from 192.168.1.1:

nat router # tcpdump -ni eth0
05:49:19.085838 arp who-has 192.168.1.17 tell 192.168.1.1
05:49:19.086938 arp reply 192.168.1.17 is-at 00:0c:29:od:85:04
05:49:19.692799 IP 192.168.1.1 > 192.168.1.17: icmp 64: echo request seq 1

At the same time on eth1:

nat router # tcpdump -ni eth0
05:49:19.692837 IP 192.168.1.1 > 192.168.1.17: icmp 64: echo request seq 1

My route table is Ok.

nat router # ip route
192.168.2.0/24 dev eth1 proto kernel scope link src 192.168.2.250
192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.10
127.0.0.0/8 via 127.0.0.1 dev lo scope link

So why is the packet that should be DNATed not, and how could a packet that should be sent to eth0 be sent to eth1? Is there any other possibility to nat 192.168.2.5 on 192.168.1.17?
The last question: what is with "IP: fast network address translation" in the 2.6.9 kernel? Why is it absent?

Thank you in advance,
_____________
Peter.

P.S. I need your help to find a solution. Otherwise there is a possibility that my employer can dismiss me.

P.P.S. Below is also my letter with the same problem. No one answered it. :(

On Tuesday 26 October 2004 20:49, Петр Волков wrote:
> All worked with 2.4 kernel, but when I have to move to 2.6.8.1 it's not.
>
> I'm using "ip route nat 231.222.222.111 via 172.16.1.13" to substitute inet
> address 231.222.222.111 on 172.16.1.13 during routing. Look at the output:
> _____________
> myhost log # ip route list table local
> broadcast 127.255.255.255 dev lo proto kernel scope link src 127.0.0.1
> local 172.16.0.1 dev eth1 proto kernel scope host src 172.16.0.1
> broadcast 172.16.0.0 dev eth1 proto kernel scope link src 172.16.0.1
> broadcast 231.222.222.111 dev eth0 proto kernel scope link src 231.222.222.111
> broadcast 231.222.222.111 dev eth0 proto kernel scope link src 231.222.222.111
> local 231.222.222.111 dev eth0 proto kernel scope host src 231.222.222.111
> broadcast 172.16.255.255 dev eth1 proto kernel scope link src 172.16.0.1
> broadcast 127.0.0.0 dev lo proto kernel scope link src 127.0.0.1
> nat 231.222.222.111 via 172.16.1.13 scope host
> local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1
> local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1
>
> myhost log # ip rule
> 0: from all lookup local
> 323: from 172.16.1.13 lookup main map-to 231.222.222.111
> 32766: from all lookup main
> 32767: from all lookup default
> _______________________
>
> So I'm trying to translate local address 172.16.1.13 on 231.222.222.111.
>
> And that was working under 2.4 kernel. But now I have to move to 2.6 kernel
> and now it's not working.
>
> I've used these commands:
> ip route add nat 231.222.222.111 via 172.16.1.13
> ip rule add prio 323 from 172.16.1.13 nat 231.222.222.111
>
> !!! To be sure that it is a kernel problem I've added these two rules in my
> FORWARD chain in the very beginning:
> iptables -I FORWARD -s 172.16.1.13 -j LOG
> iptables -I FORWARD -d 231.222.222.111 -j LOG
>
> Look, I have packets that should not be there:
> Oct 27 00:30:04 rcline IN=eth1 OUT=eth0 SRC=172.16.1.13 DST=64.12.161.185 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=43039 DF PROTO=TCP SPT=1923 DPT=5190 WINDOW=65535 RES=0x00 SYN URGP=0
> Oct 27 00:30:04 rcline IN=eth0 OUT=eth1 SRC=83.102.131.142 DST=231.222.222.111 LEN=84 TOS=0x00 PREC=0x00 TTL=59 ID=2990 DF PROTO=ICMP TYPE=8 CODE=0 ID=22310 SEQ=2991
>
> No substitution of neither destination, nor source addresses!!!
>
> Please help me to make this working. I've tried 2.6.9 kernel, but it seems
> there is no "IP: fast network address translation". Why? Is the feature already
> deprecated?

_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/