On Sunday 30 March 2003 21:00, Benjamin Tompkins wrote:
> I've set this up and am still having no luck. Responses to packets that
> come in ppp0 are still going out eth0. Any other ideas on what I may be
> doing wrong?
>

Try to run some tcpdumps on your interfaces and look for traffic running
through; you can also try to log everything in pre/post routing. You can
also try to post part of your setup so it is possible to look at the
problem.

Other than that, I can say that I have managed to get my system to work
using aliasing. It's not the solution I wished for, but at least traffic
is flowing correctly now. I'm still curious how to solve the problem
using conntrack, as it simply doesn't work. At the moment, I fear that it
may actually be kernel bugs which prevent this from working properly.

/Kim

> > Hi Benjamin,
> >
> > I have recently been playing with the same thing, and have a still
> > unanswered question regarding the possibility to combine MASQUERADING
> > with NAT!
> >
> > Anyway, if you keep things down to a simple level, then all you have
> > to do is create a second routing table (copy), and then add a fwmark
> > rule to tell the routing system that the second table should be used
> > when the mark is matched.
> >
> > In your iptables, you mark all packets which are bound for your
> > secondary route, while the default set-up will ensure that you have
> > all packets running through normally.
> >
> > IP routing rule:
> > $ ip rule add fwmark xxx table yyy
> >
> > In iptables:
> > $ iptables -t mangle -A PREROUTING [conditions] -j MARK --set-mark xxx
> >
> > Hope this helps. However, if you manage to set up your system with
> > working masquerading & natting, please give me a hint - I'm completely
> > stuck and am currently resolving to using aliasing!
> >
> > /Kim
> >
> > On Monday 24 March 2003 19:25, Benjamin Tompkins wrote:
> > > I am attempting to route myself an IP block from my office to my
> > > home via a tunnel. Simple enough. The catch is, I only want the
> > > tunnel to be used for LAN-destined traffic and incoming connections
> > > to my IP block. The LAN-destined traffic is easy; the trick
> > > apparently is getting the block to be accessible via the internet,
> > > without forcing all traffic to use the tunnel.
> > >
> > > A diagram.
> > >
> > >   eth0 (DHCP) cable modem        eth1 (x.x.x.1/28) LAN
> > >                    \              /
> > >                     Linux Machine
> > >
> > >                   ppp0 (x.x.x.2/30)
> > >
> > > Ok, so what I have so far is as follows.
> > >
> > > This takes care of access to the office network.
> > > route add -net x.x.x.1 netmask 255.255.255.240 dev eth1
> > > route add -net x.x.x.0 netmask 255.255.254.0 dev ppp0
> > > route add -host x.x.x.1 dev eth0
> > >
> > > Now to use the cable for everything else.
> > > iptables -t nat -A POSTROUTING -s x.x.x.1/28 -o eth0 -j MASQUERADE
> > >
> > > So now I can access my office LAN and vice versa, and everything
> > > else gets masqed out the cable. But I'm having a heck of a time
> > > letting the box know that stuff requested via ppp0 needs to go out
> > > ppp0. I have looked at using the mangle table, making rules for
> > > input and forward, but am just missing something along the way.
> > > Any help anyone can offer would be greatly appreciated. Thanks.
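Putting Kim's fwmark suggestion together with connection tracking, as an added example that is not from the thread: a dry-run shell script (set DRY_RUN=0 to apply it as root) that marks connections entering via ppp0 with CONNMARK and routes marked packets through a second table, so replies leave the way they came while LAN-originated traffic still goes out the cable modem. Interface names follow the diagram; the 203.0.113.0/28 block, table number 100 and mark 1 are constructed placeholders for x.x.x.1/28, yyy and xxx, and it assumes an iptables/kernel with the CONNMARK target available.

```shell
#!/bin/sh
# Added example, not from the thread. Constructed placeholders:
# 203.0.113.0/28 stands in for the x.x.x.1/28 LAN block behind eth1.
LAN_NET="203.0.113.0/28"
TABLE=100              # second routing table ("yyy" in the thread)
MARK=1                 # fwmark value ("xxx" in the thread)
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the commands, 0 = execute them

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

setup_policy_routing() {
    # Table TABLE: LAN is still reachable, everything else goes via ppp0.
    # Without the LAN route, marked inbound packets would bounce back out.
    run ip route add "$LAN_NET" dev eth1 table "$TABLE"
    run ip route add default dev ppp0 table "$TABLE"

    # Restore the connection mark onto every packet first, then mark and
    # save NEW connections that arrive via the tunnel. Replies to those
    # connections inherit the mark, whether forwarded from the LAN or
    # generated locally (mangle OUTPUT runs before the re-routing check).
    run iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
    run iptables -t mangle -A PREROUTING -i ppp0 -m conntrack --ctstate NEW \
        -j MARK --set-mark "$MARK"
    run iptables -t mangle -A PREROUTING -i ppp0 -m conntrack --ctstate NEW \
        -j CONNMARK --save-mark
    run iptables -t mangle -A OUTPUT -j CONNMARK --restore-mark

    # Marked packets consult the tunnel table; unmarked ones use main,
    # so LAN-originated connections still leave via eth0 and get masqued.
    run ip rule add fwmark "$MARK" table "$TABLE"
    run iptables -t nat -A POSTROUTING -s "$LAN_NET" -o eth0 -j MASQUERADE
    run ip route flush cache
}

# Prints the plan in dry-run mode; applies it when DRY_RUN=0.
setup_policy_routing
```

Checking after applying: `ip rule show` should list the fwmark rule, and a tcpdump on ppp0 should now show the replies to tunnel-originated connections.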