Re: One machine, two net feeds, outbound route selection

Linux Advanced Routing and Traffic Control

Ben Scott wrote:
> On 10/25/07, Peter Rabbitson <rabbit+list@xxxxxxxxx> wrote:
>> Unfortunately not easy without doing local NAT (from the local interface
>> to another local interface).
>
>   I thought that might be the case.  I even started to write a rule
> about how the NAT might work... but then I ran into brain pain trying
> to figure out how, because I didn't know when the packets get what
> address/interface info assigned to them, and I didn't know how SNAT
> would interact with the routing tables.  Normally, I do SNAT in the
> POSTROUTING chain, but by then the routing rules have already run,
> right?  So the packet would still be bound for the wrong interface,
> even if the source address is translated.  No?


I was not thorough enough. The NAT is necessary in order to make the packet come back through the link/interface you want (because, as I noted previously, you do not have control over the choice of a source address). Once this is out of the way, the only problem is how to make an already routed packet leave via a different interface. One way to do this is the ROUTE target: http://netfilter.org/documentation/HOWTO//netfilter-extensions-HOWTO-4.html#ss4.5 There might also be other ways to do this, but I never investigated, as this is a mostly theoretical exercise.

Peter
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
