NAT on multihomed host

Folks,

I have an urgent problem...

I have a dual-homed host, two internet uplinks, with two internal networks,
and I need to access some hosts from both of the links.
Debian Woody, kernel 2.4.17, iproute2-ss001007, iptables v1.2.4


I did NAT from 64.x.x.131 to 192.168.x.x, and from 200.x.x.218 to
192.168.x.x. It works OK, except for something: I can't find a way to
force the packets de-NATed to 200.x.x.218 to go out by the 200.x.x.x iface;
they all go out by the default iface, which is 64.x.x.x.

I tried with iproute2; these are my rules & routes:

# ip ru l
0:	from all lookup local 
32764:	from 64.x.x.128/26 lookup uunet 
32765:	from 200.x.x.192/27 lookup comsat 
32766:	from all lookup main 
32767:	from all lookup default 

# ip ro l table uunet
default via 64.x.x.129 dev eth1 

# ip ro l table comsat
default via 200.x.x.222 dev eth0 

# ip ro l table main
200.x.x.192/27 dev eth0  proto kernel  scope link  src 200.x.x.219
64.x.x.128/26 dev eth1  proto kernel  scope link  src 64.x.x.131
192.168.x.0/24 dev eth2  proto kernel  scope link  src 192.168.x.200
default via 64.x.x.129 dev eth1

But it ignores my source routes. It seems like it chooses the output
interface before prerouting (?), before de-NATing, where the source address
is 192.168.x.x, and at that moment I don't know how it will be de-NATed.

Can anyone help me????


As a side note, I also cannot set up load balancing combining ip route nexthop
with iptables MASQUERADE. I do:

# ip r d default
# ip r a default nexthop dev eth0 via 200.x.x.222 nexthop dev eth1 via 64.x.x.129

and then:

# ip r l
200.x.x.192/27 dev eth0  proto kernel  scope link  src 200.x.x.219
64.x.x.128/26 dev eth1  proto kernel  scope link  src 64.x.x.131
192.168.x.0/24 dev eth2  proto kernel  scope link  src 192.168.x.200
default 
	nexthop via 200.x.x.222  dev eth0 weight 1 dead
	nexthop via 64.x.x.129  dev eth1 weight 1


The "dead" flag stays there, and it never uses the 200.x.x.x route. Do you
know why that could be?


-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
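The behaviour described in the post follows from where the NAT hooks sit: for a DNATed connection, the reply packet's source is rewritten back to the public address in nat/POSTROUTING, which runs after the routing decision, so the reply is routed while its source is still 192.168.x.x and only the main table matches. The usual remedy is to record the ingress uplink in the connection-tracking entry and route replies on a firewall mark. The script below is an added example written for this page, not part of the original message or any reply to it. It assumes the interface names and prefixes from the post (the x octets are placeholders the operator fills in), the CONNMARK target, which needs a newer kernel and iptables than the 2.4.17 / 1.2.4 named above, and a DRY_RUN variable of its own that prints the commands instead of running them.

```shell
#!/bin/sh
# Added example for this page (not from the original post or its thread).
# Policy routing for a dual-homed host that DNATs inbound connections from two
# uplinks to hosts on an internal network. Replies from those hosts are routed
# while their source is still 192.168.x.x (un-DNAT happens in nat/POSTROUTING,
# after the routing decision), so "from <public prefix>" rules never match
# them. Remedy: record the ingress uplink in the conntrack entry (CONNMARK) and
# restore that mark onto reply packets in mangle/PREROUTING, then route on it.
#
# Assumptions: interface names and prefixes follow the post, with the "x"
# octets left as placeholders for the operator; the CONNMARK target is
# available (it needs a newer kernel/iptables than 2.4.17 / 1.2.4).

UUNET_IF=eth1;  UUNET_GW=64.x.x.129;   UUNET_NET=64.x.x.128/26;   UUNET_MARK=1
COMSAT_IF=eth0; COMSAT_GW=200.x.x.222; COMSAT_NET=200.x.x.192/27; COMSAT_MARK=2
LAN_IF=eth2

# Run a command, or print it when DRY_RUN is set (the "plan" mode below).
run() {
    if [ -n "${DRY_RUN:-}" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# One table per uplink, each holding only that uplink's default route.
setup_tables() {
    run ip route replace default via "$UUNET_GW"  dev "$UUNET_IF"  table uunet
    run ip route replace default via "$COMSAT_GW" dev "$COMSAT_IF" table comsat
}

# Rules: public-source rules cover locally generated traffic (as in the post);
# the fwmark rules cover forwarded replies, whose source is still private here.
setup_rules() {
    run ip rule add from "$UUNET_NET"  lookup uunet
    run ip rule add from "$COMSAT_NET" lookup comsat
    run ip rule add fwmark "$UUNET_MARK"  lookup uunet
    run ip rule add fwmark "$COMSAT_MARK" lookup comsat
    run ip route flush cache
}

# Marks: a NEW connection entering on an uplink gets that uplink's mark stored
# in its conntrack entry; packets from the LAN get the stored mark copied back
# onto them before routing, so the fwmark rules above pick the right table.
# (conntrack runs before mangle/PREROUTING, so "--state NEW" is valid here.)
setup_marks() {
    run iptables -t mangle -A PREROUTING -i "$UUNET_IF"  -m state --state NEW -j CONNMARK --set-mark "$UUNET_MARK"
    run iptables -t mangle -A PREROUTING -i "$COMSAT_IF" -m state --state NEW -j CONNMARK --set-mark "$COMSAT_MARK"
    run iptables -t mangle -A PREROUTING -i "$LAN_IF" -j CONNMARK --restore-mark
}

apply() {
    setup_tables
    setup_rules
    setup_marks
}

# Print the full command plan without touching the host.
plan() {
    ( DRY_RUN=1; apply )
}

case "${1:-}" in
    plan)  plan ;;
    apply) apply ;;
esac
```

Run it as `sh policy-nat.sh plan` to review the ten commands it would issue, then `sh policy-nat.sh apply` as root. Afterwards `ip rule show` should list the two fwmark rules above the main-table rule, and the packet counters in `iptables -t mangle -L PREROUTING -v` should increase on the restore-mark rule as replies leave the LAN interface.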

