Hi, after some doing with iptables and ip from the iproute package and some research on Google I can't resolve my 'routing' problem. I've also read the Linux Advanced Routing & Traffic Control HOWTO, but have no idea why my setup doesn't run as expected.

What I have: a Debian sid box, iptables 1.2.7a-5, iproute 20010824-8.

My preferred setup:

                 DMZ 10.0.0.0/24
                        |
                        |
    ==============================================
    10.0.0.1/24 eth0
                Firewallbox  -j MASQUERADE (actually no SNAT, this should be a problem)
    eth1                                    eth1:1
    212.8.203.4                             192.168.0.1
    ==============================================
         |                                      |
         |                                      |
         |                             ======================
         |                             | 192.168.0.254/24   |
         |                             | DSL Router (NAT)   |
         |                             | 212.203.240.4/32   |
         |                             ======================
         |                                      |
         |                                      |
        ISP0                                   ISP1

For some days I have wanted to use both ISPs. My first try was to set TOS 0x10 for ssh and use this with an "ip rule" statement to run into a special routing table.

ip route add default table http.ftp via 192.168.0.254 src 192.168.0.1
ip rule add tos 16 table http.ftp
ip route flush cache    # flush the route cache so the new rule is used for new lookups

After that I check this with "tcpdump -i eth1 -n port 22". The new ssh connection uses the old (212.8.203.4) gateway. Independent of my SNAT problem on eth1:1, the ssh packets have to leave the firewall over eth1:1 (192.168.0.1). Is there a typical beginner fault in my ip route/rule config?

Second: is there a way to do MASQUERADE or SNAT on both interfaces (eth1, eth1:1)? Are the packets mangled before they arrive at netfilter pre- or postrouting? Or, to ask the other way round: when are the packets manipulated by the routing table? My picture of netfilter is:

                ============                        =============          =========
                |          |                        |           |          |       |
    -->Packet-->|prerouting|---routing decision-----|postrouting|-----+----|forward|---+-->
                |          |                        |           |     |    |       |   |
                ============                        =============     |    =========   |
                    [1]                   [2]            [3]          |                |
                                                                      |                |
                                                                   =======          =======
                                                                   | In  |          | Out |
                                                                   =======          =======

Where do the packets get the source address 192.168.0.1 from the "ip route" rule?

I hope I've explained my problem in a way that you can give me one or some hints.

Frank.

--
Frank Matthieß frankm@xxxxxxxxxx
May the penguin be with you!
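Added example, not part of Frank's message: the dual-uplink setup as I would configure it on that box, using an fwmark instead of TOS so that one mark drives both the "ip rule" lookup and a per-uplink SNAT rule (netfilter cannot match the alias name eth1:1 with -o, so the second uplink has to be selected by the mark). Addresses and interface names come from the post; it is assumed that the table name http.ftp is registered in /etc/iproute2/rt_tables. By default the script only prints the commands; run it as root with RUN= to apply them.

```shell
#!/bin/sh
# Dual-uplink policy routing for the firewall box described in the post.
# Assumed layout: eth1 carries 212.8.203.4 (ISP0) and, as eth1:1, 192.168.0.1
# (ISP1 via the DSL router 192.168.0.254); the DMZ is 10.0.0.0/24 on eth0.
# RUN defaults to "echo" (dry run); set RUN= to execute the commands as root.
: "${RUN:=echo}"
DMZ=10.0.0.0/24
ISP0_IP=212.8.203.4
ISP1_IP=192.168.0.1
ISP1_GW=192.168.0.254
TABLE=http.ftp     # assumed to be listed in /etc/iproute2/rt_tables
MARK=1

mark_rules() {
    # Mark ssh in both chains: OUTPUT for the firewall's own connections,
    # PREROUTING for traffic forwarded from the DMZ (mangle runs before the
    # routing decision, which is what lets "ip rule" see the mark).
    for chain in OUTPUT PREROUTING; do
        $RUN iptables -t mangle -A "$chain" -p tcp --dport 22 \
            -j MARK --set-mark "$MARK"
    done
}

policy_routes() {
    # Marked packets are looked up in table $TABLE. "src" only picks the
    # source address of locally generated packets; forwarded packets keep
    # their DMZ source, which is why snat_rules is still needed for them.
    $RUN ip route add default table "$TABLE" via "$ISP1_GW" src "$ISP1_IP"
    $RUN ip rule add fwmark "$MARK" table "$TABLE"
    # New rules take effect for cached destinations only after a cache flush.
    $RUN ip route flush cache
}

snat_rules() {
    # The mark set in mangle is still visible in nat POSTROUTING, so marked
    # DMZ traffic is rewritten to the ISP1 address, everything else to ISP0.
    $RUN iptables -t nat -A POSTROUTING -s "$DMZ" -o eth1 -m mark --mark "$MARK" \
        -j SNAT --to-source "$ISP1_IP"
    $RUN iptables -t nat -A POSTROUTING -s "$DMZ" -o eth1 \
        -j SNAT --to-source "$ISP0_IP"
}

setup_dual_uplink() {
    mark_rules
    policy_routes
    snat_rules
}

setup_dual_uplink
```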