Re: Dual ISP routing and NAT problem

Linux Advanced Routing and Traffic Control


Hi Mart,

It seems that you did not apply the patches from
http://www.ssi.bg/~ja/#routes
There is also a howto called nano.txt that shows you how to set up what you want.

Nathan.

Mart Frauenlob <mart.frauenlob@xxxxxxxxx> wrote:
Hello,

nobody even commented on this post?
What's wrong with it?

Thank you

Mart

Mart Frauenlob wrote:
> Hello newsgroup,
>
> I hope somebody with more routing experience than me can help me with
> the problem I have.
>
> The setup is as described below. A dual internet provider routing,
> multiple local area networks, and a dmz network with one public and one
> private ip range.
> I followed the instructions at lartc.org, and so far everything is working.
> The default route is via 'PROV_STATIC', only packets coming from LAN
> 192.168.111.0/24 are routed via 'PROV_DSL'.
> Now if I want to do network address translation via iptables for certain
> traffic coming into the dsl interface ppp0,
> packets never reach their destination.
> DNAT into DMZ or any of the LANs over the eth0 interface works as expected.
> So for example applying a DNAT rule like:
> 'iptables -t nat -A PREROUTING -i ppp0 -d 217.92.8.242 -p tcp --dport 80
> -j DNAT --to-destination 62.155.170.254'
> fails.
>
> Same for NAT attempts into the LANs 192.168.112.0/24 and 192.168.113.0/24.
> While DNAT into LAN 192.168.111.0/24 works perfectly.
>
> So I think the problem is that traffic from the DMZ and those two LANs
> have the ip rules applied to end up in the table 'PROV_STATIC'.
> Which usually is what I want, but not in this case, where I want port or
> protocol specific traffic to be routed differently.
> Is there a way to 'override' the default routing behaviour for i.e. http
> traffic?
> I tried the iptables ROUTE target, but did not get it working, but could
> of course be my error.
> Is there anything wrong with my current routing tables?
>
> Thank you for any help you can give.
>
> Best regards,
>
> Mart
>
> <------------------------------------------------->
> Setup:
>
> Firewall / Router:
> 2 external interfaces
> 3 lan interfaces
> 1 dmz interface
>
> External interfaces:
> 1 - PROV_STATIC:
> IP: 62.155.170.250
> Network: 62.155.170.248/30
> Interface: static interface eth0
> global default route via: 62.155.170.249
> 2 - PROV_DSL:
> IP: 217.92.8.242
> Peer: 217.6.98.186
> Interface: DSL interface ppp0 (pppoe over eth1)
>
> DMZ interface:
> IP_1: 62.155.170.253
> Network_1: 62.155.170.252/30
> IP_2: 192.168.0.1
> Network_2: 192.168.0.0/24
> Interface: eth4
>
> LAN interfaces:
> 1: IP: 192.168.111.1
> Network: 192.168.111.0/24
> Interface: eth5
> 2: IP: 192.168.112.1
> Network: 192.168.112.0/24
> Interface: eth2
> 3: IP: 192.168.113.1
> Network: 192.168.113.0/24
> Interface: eth3
>
> igor:/# ip route list table PROV_DSL
> 217.6.98.186 dev ppp0 proto kernel scope link src 217.92.8.242
> 62.155.170.248/30 dev eth0 scope link src 62.155.170.250
> 62.155.170.252/30 dev eth4 proto kernel scope link src 62.155.170.253
> 192.168.112.0/24 dev eth2 proto kernel scope link src 192.168.112.1
> 192.168.113.0/24 dev eth3 proto kernel scope link src 192.168.113.1
> 192.168.0.0/24 dev eth4 proto kernel scope link src 192.168.0.1
> 192.168.111.0/24 dev eth5 proto kernel scope link src 192.168.111.1
> 10.0.0.0/8 via 192.168.111.3 dev eth5 proto kernel src 192.168.111.1
> 127.0.0.0/8 dev lo scope link
> default via 217.6.98.186 dev ppp0
>
>
> igor:/# ip route list table PROV_STATIC
> 217.6.98.186 dev ppp0 proto kernel scope link src 217.92.8.242
> 62.155.170.248/30 dev eth0 scope link src 62.155.170.250
> 62.155.170.252/30 dev eth4 proto kernel scope link src 62.155.170.253
> 192.168.112.0/24 dev eth2 proto kernel scope link src 192.168.112.1
> 192.168.113.0/24 dev eth3 proto kernel scope link src 192.168.113.1
> 192.168.0.0/24 dev eth4 proto kernel scope link src 192.168.0.1
> 192.168.111.0/24 dev eth5 proto kernel scope link src 192.168.111.1
> 10.0.0.0/8 via 192.168.111.3 dev eth5 proto kernel src 192.168.111.1
> 127.0.0.0/8 dev lo scope link
> default via 62.155.170.249 dev eth0
>
>
> igor:/# ip route list
> 217.6.98.186 dev ppp0 proto kernel scope link src 217.92.8.242
> 62.155.170.248/30 dev eth0 proto kernel scope link src 62.155.170.250
> 62.155.170.252/30 dev eth4 proto kernel scope link src 62.155.170.253
> 192.168.112.0/24 dev eth2 proto kernel scope link src 192.168.112.1
> 192.168.113.0/24 dev eth3 proto kernel scope link src 192.168.113.1
> 192.168.0.0/24 dev eth4 proto kernel scope link src 192.168.0.1
> 192.168.111.0/24 dev eth5 proto kernel scope link src 192.168.111.1
> 10.0.0.0/8 via 192.168.111.3 dev eth5 proto kernel
> default via 62.155.170.249 dev eth0
>
>
> igor:/# ip rule list
> 0: from all lookup local
> 32759: from 192.168.0.0/24 lookup PROV_STATIC
> 32760: from 62.155.170.252/30 lookup PROV_STATIC
> 32761: from 192.168.113.0/24 lookup PROV_STATIC
> 32762: from 192.168.112.0/24 lookup PROV_STATIC
> 32763: from 192.168.111.0/24 lookup PROV_DSL
> 32764: from 217.92.8.242 lookup PROV_DSL
> 32765: from 62.155.170.250 lookup PROV_STATIC
> 32766: from all lookup main
> 32767: from all lookup default
> <------------------------------------------------->
> _______________________________________________
> LARTC mailing list
> LARTC@xxxxxxxxxxxxxxx
> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
>
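The rule lookup behind the symptom in the quoted post, as an added example that is not part of the thread and is not the routes patches or nano.txt that Nathan points to: it replays the posted `ip rule list` for a reply packet leaving towards the Internet. The fwmark rule, its priority 100, the mark value 1 and the commands in the comment are assumptions showing a connection-mark alternative; they do not appear in the original messages.

```python
import ipaddress

# Default-route device of each table, from the `ip route list table ...` output in the post.
TABLE_DEFAULT_DEV = {"PROV_STATIC": "eth0", "PROV_DSL": "ppp0", "main": "eth0"}

# (priority, source prefix, fwmark or None, table) from the post's `ip rule list`.
# The local and default tables are left out: they do not decide forwarded traffic here.
RULES = [
    (32759, "192.168.0.0/24", None, "PROV_STATIC"),
    (32760, "62.155.170.252/30", None, "PROV_STATIC"),
    (32761, "192.168.113.0/24", None, "PROV_STATIC"),
    (32762, "192.168.112.0/24", None, "PROV_STATIC"),
    (32763, "192.168.111.0/24", None, "PROV_DSL"),
    (32764, "217.92.8.242/32", None, "PROV_DSL"),
    (32765, "62.155.170.250/32", None, "PROV_STATIC"),
    (32766, "0.0.0.0/0", None, "main"),
]

# Assumed addition (not from the thread): connections that entered on ppp0 get
# connection mark 1, replies inherit it as fwmark, and a rule placed ahead of the
# source-based rules sends marked packets to PROV_DSL:
#   iptables -t mangle -A PREROUTING -i ppp0 -m conntrack --ctstate NEW -j CONNMARK --set-mark 1
#   iptables -t mangle -A PREROUTING ! -i ppp0 -j CONNMARK --restore-mark
#   ip rule add fwmark 1 lookup PROV_DSL prio 100
MARK_RULE = (100, "0.0.0.0/0", 1, "PROV_DSL")


def egress(src, fwmark=0, rules=RULES):
    """Return (table, device) for a forwarded packet whose destination is on the
    Internet, i.e. one that ends up on the selected table's default route."""
    addr = ipaddress.ip_address(src)
    for _prio, prefix, mark, table in sorted(rules, key=lambda r: r[0]):
        if mark is not None and mark != fwmark:
            continue  # fwmark rule does not apply to this packet
        if addr in ipaddress.ip_network(prefix):
            return table, TABLE_DEFAULT_DEV[table]
    raise LookupError("no rule matched")


if __name__ == "__main__":
    # Reply from the DNAT target in the DMZ: routed by source, leaves on eth0.
    print("DMZ reply, posted rules:", egress("62.155.170.254"))
    # Reply from LAN 192.168.111.0/24: already sent to PROV_DSL, so DNAT works.
    print("LAN 111 reply, posted rules:", egress("192.168.111.10"))
    # Same DMZ reply once the connection carries mark 1 and the fwmark rule exists.
    print("DMZ reply, marked:", egress("62.155.170.254", 1, RULES + [MARK_RULE]))
```

Replies that leave on eth0 for a connection that arrived on ppp0 never complete the connection from the client's side, which matches the post's observation that only DNAT into 192.168.111.0/24 works.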