RE: NAT on multihomed host

> Ok, I'll bite. What does DE-nated mean?  What are your 
> iptables chains?

I meant un-natting or whatever it's called... The process which is applied to
the return packet in a NATted connection

For all practical purposes my chains are open, and DNATting on PREROUTING


> Martin Ferrari - Decidir IT wrote:
> 
> > Folks,
> > 
> > I have an urgent problem...
> > 
> > I have a dualhomed host, two internet uplinks, with two internal networks,
> > and I need to access some hosts from both of the links.
> > Debian Woody, kernel 2.4.17, iproute2-ss001007, iptables v1.2.4
> > 
> > 
> > I did NAT from 64.x.x.131 to 192.168.x.x, and from 200.x.x.218 to
> > 192.168.x.x. It works ok, except for something: I can't find out a way to
> > force the packets DE-nated to 200.x.x.218 to go out by the 200.x.x.x iface,
> > they all go out by the default iface, which is 64.x.x.x.
> > 
> > I tried with iproute2, these are my rules & routes:
> > 
> > # ip ru l
> > 0:	from all lookup local 
> > 32764:	from 64.x.x.128/26 lookup uunet 
> > 32765:	from 200.x.x.192/27 lookup comsat 
> > 32766:	from all lookup main 
> > 32767:	from all lookup default 
> > 
> > # ip ro l table uunet
> > default via 64.x.x.129 dev eth1 
> > 
> > # ip ro l table comsat
> > default via 200.x.x.222 dev eth0 
> > 
> > # ip ro l table main
> > 200.x.x.192/27 dev eth0  proto kernel  scope link  src 200.x.x.219
> > 64.x.x.128/26 dev eth1  proto kernel  scope link  src 64.x.x.131
> > 192.168.x.0/24 dev eth2  proto kernel  scope link  src 192.168.x.200
> > default via 64.x.x.129 dev eth1
> > 
> > But it ignores my source routes. It seems like it chooses the output
> > interface before prerouting (?), before de-natting, where the source address
> > is 192.168.x.x, and in that moment I don't know how it will be de-natted
> > 
> > Can anyone help me????
> > 
> > 
> > As a side note, I also cannot setup loadbalancing combining ip route nexthop
> > with iptables MASQUERADE. I do:
> > 
> > # ip r d default
> > # ip r a default nexthop dev eth0 via 200.x.x.222 nexthop dev eth1 via 64.x.x.129
> > 
> > and then:
> > 
> > # ip r l
> > 200.x.x.192/27 dev eth0  proto kernel  scope link  src 200.x.x.219
> > 64.x.x.128/26 dev eth1  proto kernel  scope link  src 64.x.x.131
> > 192.168.x.0/24 dev eth2  proto kernel  scope link  src 192.168.x.200
> > default 
> > 	nexthop via 200.x.x.222  dev eth0 weight 1 dead
> > 	nexthop via 64.x.x.129  dev eth1 weight 1
> > 
> > 
> > The "dead" flag stays there, and never uses the 200.x.x.x route.. Do you
> > know why it could be?
> > 
> > 
> > -
> > : send the line "unsubscribe linux-net" in
> > the body of a message to majordomo@vger.kernel.org
> > More majordomo info at  http://vger.kernel.org/majordomo-info.html
> > 
> 
> 
> 
> -- 
> Casey Carter
> Casey@Carter.net
> ccarter@uiuc.edu
> AIM: cartec69
> 
> 

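The behaviour Martin describes (the output interface is chosen while the reply still carries the 192.168.x.x source, because the reverse SNAT for a DNAT'd connection only happens in POSTROUTING, after routing) is the classic case for conntrack marks plus policy routing. The script below is an added example, not code from the thread; it assumes a kernel and iptables with the CONNMARK match/target (which the stock 2.4.17 / iptables 1.2.4 in the post would need patch-o-matic for), reuses the interface names, table names and masked gateway addresses from the post as placeholders, and only prints its plan unless RUN is set to empty.

```shell
#!/bin/sh
# Added example (not from the thread): route replies of DNAT'd connections
# back out the uplink the connection arrived on. ASSUMPTION: CONNMARK support
# in kernel and iptables. eth0/eth1 are the uplinks, eth2 the LAN, and the
# tables/gateways are the placeholders from the original post.
RUN=${RUN:-echo}   # RUN="" applies the commands; the default prints them

# One fwmark per uplink: tag the connection on its first packet, and give
# that mark its own routing table pointing at the uplink's gateway.
setup_uplink() {   # args: iface gateway table mark
    iface=$1; gw=$2; table=$3; mark=$4
    # conntrack runs before mangle PREROUTING, so --state NEW is valid here
    $RUN iptables -t mangle -A PREROUTING -i "$iface" -m state --state NEW \
        -j CONNMARK --set-mark "$mark"
    $RUN ip rule add fwmark "$mark" table "$table"
    $RUN ip route add default via "$gw" dev "$iface" table "$table"
}

setup_lan() {      # args: lan_iface
    # Replies from the LAN get the connection's mark copied onto the packet
    # in mangle PREROUTING, i.e. BEFORE the routing decision; the fwmark rule
    # then picks the right uplink table even though the source is still
    # 192.168.x.x at that point (reverse SNAT only happens in POSTROUTING).
    $RUN iptables -t mangle -A PREROUTING -i "$1" -j CONNMARK --restore-mark
    $RUN ip route flush cache
}

# Full plan for the two-uplink host from the post.
plan_multihomed_nat() {
    setup_uplink eth1 64.x.x.129  uunet  1
    setup_uplink eth0 200.x.x.222 comsat 2
    setup_lan eth2
}

plan_multihomed_nat
```

Locally generated traffic is still covered by the existing "from 64.x.x.128/26" and "from 200.x.x.192/27" rules; the fwmark rules only add the missing case for NATted replies.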