NAT and iproute2: deprecated?

Hi,

Please forgive me if this is the incorrect mailing list; it seemed like
either this or the netfilter list would be the best place to ask, but
please suggest otherwise if appropriate.

For some time I have, based on descriptions in the LARTC howto,
implemented 1-to-1 NAT on a GNU/Linux (Debian, in case it matters)
router using iproute2 and iptables.  This is done on a router that binds
multiple external IPs from multiple upstream providers, so it's a bit
more complex than your usual home NAT.

For example, to set up routing from internal machine 192.168.20.2 via
externally facing router-bound IP x.y.z.2 with gateway w.x.y.1, and to
pass HTTP traffic to the NAT'd IP, I would do, e.g.:

 # route NAT: packets for x.y.z.2 are translated to 192.168.10.2
 ip route add nat x.y.z.2 via 192.168.10.2
 # rule NAT: source 192.168.10.2 becomes x.y.z.2 and is looked up in table 130
 ip rule add nat x.y.z.2 from 192.168.10.2 table 130
 ip rule add from x.y.z.2 table 130
 # table 130 sends everything out via the provider's gateway
 ip route add table 130 default via x.y.z.1
 # netfilter side: outbound source rewrite and inbound port 80 forwarding
 iptables -t nat -A POSTROUTING -s 192.168.10.2 -j SNAT --to-source x.y.z.2
 iptables -t nat -A PREROUTING -d x.y.z.2 -p tcp --dport 80 -j DNAT --to-destination 192.168.10.2:80

This works OK on older systems, but breaks on later kernels (last worked
on 2.6.8 or so), producing deprecation errors.  This is consistent with
the manpage for ip:


  ip route - routing table management
  nat - a special NAT route. Destinations covered by the prefix are
  considered to be dummy (or external) addresses which require translation
  to real (or internal) ones before forwarding. The addresses to
  translate to are selected with the attribute
  Warning: Route NAT is no longer supported in Linux 2.6.

I would love nothing more than to eliminate use of deprecated features,
but have not been able to figure out what the preferred approach is.  I
have done extensive Google searches, but all I have found are vague
references to using tc to accomplish such a task (cf.
http://www.network-builders.com/re-nat-using-iproute2-t103447.html).

Can someone point me in the direction of the appropriate documentation?
I would love to RTFM, but I need to know which M to R.


-- 
Conrad Shultz
conrad@xxxxxxxxxxxxxxxx

"Beets are a very misunderstood vegetable."

- Capt. Benjamin Sisko, Star Trek: Deep Space Nine, "Equilibrium"
--
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
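The same 1-to-1 mapping written without the route-NAT forms the man page warns about, as an added example (not from the post above or from any reply to it). The point it shows: the iptables SNAT/DNAT lines in the post already do all of the address translation, so the `ip route add nat` and `ip rule add nat` lines can simply be dropped; iproute2 is then used only for policy routing. One detail changes as a result: a forwarded packet is routed before POSTROUTING SNAT rewrites its source, so the policy rule that selects the provider's table has to match the internal address (`from 192.168.10.2`), not the external one. Replies to the DNAT'd HTTP connection also carry the internal source at routing time, so the same rule sends them back out via the right gateway. Addresses, the table number and the port are placeholders (the x.y.z.* addresses of the post are replaced by RFC 5737 documentation space); the FORWARD rules are an assumption for routers whose FORWARD policy is DROP.

```shell
#!/bin/sh
# Added example, not from the original post or from the iproute2/netfilter
# projects: 1-to-1 NAT for one internal host on a multi-homed Linux router,
# written without "ip route add nat" / "ip rule add nat" (removed in 2.6).
# netfilter does all address translation; iproute2 does only policy routing,
# so the mapped host's traffic (and the router's own traffic sourced from the
# external address) leaves via that provider's gateway.
# All addresses, the table number and the port are placeholders.

# Print the commands for one mapping; nothing is executed by this function.
#   $1 internal host, $2 external router-bound address,
#   $3 that provider's gateway, $4 policy-routing table number
onetoone_nat() {
    internal=$1; external=$2; gateway=$3; table=$4
    cat <<EOF
# Per-provider table: everything looked up in it goes out via that gateway.
ip route replace table $table default via $gateway
# Forwarded packets are routed BEFORE POSTROUTING SNAT, so the rule must
# match the still-untranslated internal source, not the external address.
ip rule add from $internal table $table
# Traffic the router itself sends from the external address.
ip rule add from $external table $table
# Outbound: rewrite the internal source to the external address.
iptables -t nat -A POSTROUTING -s $internal -j SNAT --to-source $external
# Inbound: expose only TCP/80 of the internal host on the external address.
iptables -t nat -A PREROUTING -d $external -p tcp --dport 80 -j DNAT --to-destination $internal:80
# Assumed FORWARD policy of DROP: allow the DNAT'd flow and established traffic.
iptables -A FORWARD -d $internal -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Apply one mapping (root required): feed the generated commands to a shell.
apply_onetoone_nat() {
    onetoone_nat "$@" | sh -e
}

# Dry run with the post's internal host; external side in documentation space.
onetoone_nat 192.168.10.2 203.0.113.2 203.0.113.1 130
```

Run the script as-is to review the generated commands; call `apply_onetoone_nat 192.168.10.2 203.0.113.2 203.0.113.1 130` as root to install them, once per mapped host with that host's provider gateway and its own table number. Note that `ip rule add` is not idempotent: re-running it appends duplicate rules, so check `ip rule show` (and `iptables -t nat -S`) before applying a second time, or delete the old rules first. Bear in mind also that the DNAT rule exposes the internal host's port 80 to every upstream; keep the FORWARD rule as narrow as the one shown rather than accepting all traffic to the internal host.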