Re: Unusual routing problem


 



I've set this up and am still having no luck. Responses to packets that come in
ppp0 are still going out eth0. Any other ideas on what I may be doing wrong?


Hi Benjamin,

I have recently been playing with the same thing, and have a still unanswered
question regarding the possibility to combine MASQUERADING with NAT!

Anyway, if you keep things down to a simple level, then all you have to do is
create a second routing table (copy), and then add a fwmark rule to tell
the routing system that the second table should be used when the mark is
matched.

In your iptables, you mark all packets which are bound for your secondary
route. While the default set up will ensure that you have all packets running
through normally.

IP routing rule:
$ ip rule add fwmark xxx table yyy

in iptables:
$ iptables -t mangle -A PREROUTING [conditions] -j MARK --set-mark xxx

Hope this helps. However, if you manage to set up your system with working
masquerading & natting, please give me a hint - I'm completely stuck and am
currently resorting to using aliasing!

/Kim

On Monday 24 March 2003 19:25, Benjamin Tompkins wrote:
> I am attempting to route myself an ip block from my office to my home via a
> tunnel. Simple enough. The catch is, I only want the tunnel to be used for
> lan destined traffic and incoming connections to my IP block. The lan
> destined traffic is easy, the trick apparently is getting the block to be
> accessible via the internet, without forcing all traffic to use the tunnel.
> A diagram.
>
> eth0  (DHCP) cable modem            eth1  (x.x.x.1/28) LAN
>                                               \   /
>                                       Linux Machine
>
>                                  ppp0 (x.x.x.2/30)
>
> Ok, so what I have so far is as follows.
>
> This takes care of access to the office network.
> route add -net x.x.x.1 netmask 255.255.255.240 dev eth1
> route add -net x.x.x.0 netmask 255.255.254.0 dev ppp0
> route add -host x.x.x.1 dev eth0
>
> Now to use the cable for everything else.
> iptables -A POSTROUTING -s x.x.x.1/28 -o eth0 -j MASQUERADE
>
> So now I can access my office lan and vice versa, and everything else gets
> masqed out the cable. But I'm having a heck of a time letting the box
> know that stuff requested via ppp0, needs to go out ppp0. I have looked at
> using the mangle table making rules for input and forward, but am just
> missing something along the way. Any help anyone can offer would be greatly
> appreciated. Thanks.
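
The fwmark approach discussed in this thread, extended with connection marking so that replies follow the interface the connection arrived on. This is an added example, not code posted by anyone in the thread. It assumes the iptables CONNMARK target, the conntrack match and loose-mode rp_filter are available; mark 1 and table 100 are constructed values, and the interface names are the ones from the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Prints the commands only; nothing is
# changed until the output has been reviewed and piped to a root shell.
# Constructed values: mark 1 and table 100. ppp0/eth1 are the thread's names.

tunnel_reply_cmds() {
    tun_if=$1 lan_if=$2 mark=$3 table=$4

    # Accept only plain interface names and decimal numbers, so the generated
    # text is safe to hand to a shell.
    for ifname in "$tun_if" "$lan_if"; do
        case $ifname in
            ''|*[!A-Za-z0-9_-]*) echo "bad interface: $ifname" >&2; return 1 ;;
        esac
    done
    for num in "$mark" "$table"; do
        case $num in
            ''|*[!0-9]*) echo "bad number: $num" >&2; return 1 ;;
        esac
    done

    cat <<EOF
# Second routing table: everything that carries the mark leaves via the tunnel.
ip route add default dev $tun_if table $table
ip rule add fwmark $mark table $table
# Remember, per connection, that it was opened from the tunnel side.
iptables -t mangle -A PREROUTING -i $tun_if -m conntrack --ctstate NEW -j CONNMARK --set-mark $mark
# Copy the remembered mark onto reply packets (from the LAN and from this box)
# before the routing decision, so the fwmark rule selects the second table.
iptables -t mangle -A PREROUTING -i $lan_if -j CONNMARK --restore-mark
iptables -t mangle -A OUTPUT -j CONNMARK --restore-mark
# Strict reverse-path filtering would drop tunnel packets whose source is
# reachable via the cable modem in the main table; use loose mode here.
sysctl -w net.ipv4.conf.$tun_if.rp_filter=2
EOF
}

# Dry run with the thread's interfaces.
tunnel_reply_cmds ppp0 eth1 1 100
```

Connections opened from the LAN never receive the mark, so they keep using the main table and are still masqueraded out eth0.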



