Ok, I'll bite. What does DE-nated mean? What are your iptables chains?
What exactly is happening, and what exactly do you expect to happen?

Martin Ferrari - Decidir IT wrote:
> Folks,
>
> I have an urgent problem...
>
> I have a dualhomed host, two internet uplinks, with two internal networks,
> and I need to access some hosts from both of the links.
> Debian Woody, kernel 2.4.17, iproute2-ss001007, iptables v1.2.4
>
> I did NAT from 64.x.x.131 to 192.168.x.x, and from 200.x.x.218 to
> 192.168.x.x. It works ok, except for something: I can't find out a way to
> force the packets DE-nated to 200.x.x.218 to go out by the 200.x.x.x iface,
> they all go out by the default iface, which is 64.x.x.x.
>
> I tried with iproute2, these are my rules & routes:
>
> # ip ru l
> 0:      from all lookup local
> 32764:  from 64.x.x.128/26 lookup uunet
> 32765:  from 200.x.x.192/27 lookup comsat
> 32766:  from all lookup main
> 32767:  from all lookup default
>
> # ip ro l table uunet
> default via 64.x.x.129 dev eth1
>
> # ip ro l table comsat
> default via 200.x.x.222 dev eth0
>
> # ip ro l table main
> 200.x.x.192/27 dev eth0  proto kernel  scope link  src 200.x.x.219
> 64.x.x.128/26 dev eth1  proto kernel  scope link  src 64.x.x.131
> 192.168.x.0/24 dev eth2  proto kernel  scope link  src 192.168.x.200
> default via 64.x.x.129 dev eth1
>
> But it ignores my source routes. It seems like it chooses the output
> interface before prerouting (?), before de-natting, where the source address
> is 192.168.x.x, and in that moment I don't know how it will be de-natted.
>
> Can anyone help me????
>
> As a side note, I also cannot setup loadbalancing combining ip route nexthop
> with iptables MASQUERADE. I do:
>
> # ip r d default
> # ip r a default nexthop dev eth0 via 200.x.x.222 nexthop dev eth1 via 64.x.x.129
>
> and then:
>
> # ip r l
> 200.x.x.192/27 dev eth0  proto kernel  scope link  src 200.x.x.219
> 64.x.x.128/26 dev eth1  proto kernel  scope link  src 64.x.x.131
> 192.168.x.0/24 dev eth2  proto kernel  scope link  src 192.168.x.200
> default
>         nexthop via 200.x.x.222  dev eth0 weight 1 dead
>         nexthop via 64.x.x.129  dev eth1 weight 1
>
> The "dead" flag stays there, and never uses the 200.x.x.x route.. Do you
> know why it could be?
>
> -
> : send the line "unsubscribe linux-net" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html

--
Casey Carter
Casey@Carter.net
ccarter@uiuc.edu
AIM: cartec69
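The rule lookup from the quoted `ip ru l` and `ip ro l` output, modelled as an added example that is not part of the original thread. The addresses are constructed documentation-range stand-ins for the elided 64.x.x.x, 200.x.x.x and 192.168.x.x values, and the function names are hypothetical. It shows that a reply from an internal server is routed while its source is still the private address, so neither `from` rule matches and the main table's default route picks eth1.

```python
import ipaddress

# Constructed stand-ins for the elided addresses in the post.
UUNET_NET = ipaddress.ip_network("198.51.100.128/26")   # for 64.x.x.128/26
COMSAT_NET = ipaddress.ip_network("203.0.113.192/27")   # for 200.x.x.192/27
LAN_NET = ipaddress.ip_network("192.168.1.0/24")        # for 192.168.x.0/24
ANY = ipaddress.ip_network("0.0.0.0/0")                 # "from all" / "default"

# Routing tables as (destination, device), mirroring `ip ro l table ...`.
TABLES = {
    "uunet": [(ANY, "eth1")],
    "comsat": [(ANY, "eth0")],
    "main": [(COMSAT_NET, "eth0"), (UUNET_NET, "eth1"),
             (LAN_NET, "eth2"), (ANY, "eth1")],
}
# Policy rules in priority order, mirroring `ip ru l`
# (the local and default tables are left out of this model).
RULES = [(32764, UUNET_NET, "uunet"),
         (32765, COMSAT_NET, "comsat"),
         (32766, ANY, "main")]

def route(src, dst):
    """Return (table, device): first rule whose selector matches src and
    whose table has a route to dst wins; longest prefix within a table."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for _prio, selector, table in RULES:
        if src not in selector:
            continue
        matches = [(net, dev) for net, dev in TABLES[table] if dst in net]
        if matches:
            _net, dev = max(matches, key=lambda m: m[0].prefixlen)
            return table, dev
    return None, None

def forward_reply(internal_src, client_dst, public_addr):
    """Reply from a NATed internal server: the routing decision is made on
    the private source; the source is rewritten to the public address only
    afterwards, in POSTROUTING."""
    table, dev = route(internal_src, client_dst)
    return {"table": table, "dev": dev, "wire_src": public_addr}

if __name__ == "__main__":
    # Constructed client 192.0.2.10 reached the server via the comsat address.
    print(forward_reply("192.168.1.10", "192.0.2.10", "203.0.113.218"))
    # Traffic the router itself sources from that address does match the rule.
    print(route("203.0.113.218", "192.0.2.10"))
```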