Hello,

First: I'm not subscribed to this list so please make sure that any reply is also sent to: fred@xxxxxxxxxxxxxxxxxxxxxx

I have a weird problem trying to set up multiple routes on my NAT-box.

I have the following setup:

    <local network>       <NAT-box>
    [192.168.0.0/24]      eth0:  192.168.0.1
                          eth1:  <adsl.static.ip>
                          tunl1: <tunnel to remote NAT-box via eth1>

The remote NAT-box can reach a special subnet which I want to connect to. The special subnet is also reachable thru eth1, but I want the packages that reach the special subnet to be NAT-ted by the remote NAT-box.

On my NAT-box I add the following route:

    ip route add <special.sub.net> dev tunl1

The relevant iptables rules are:

    iptables -t nat -A POSTROUTING -s 192.168.0.0/255.255.255.0 -o eth1 \
        -j SNAT --to-source <adsl.static.ip>
    iptables -t nat -A POSTROUTING -o tunl1 \
        -j SNAT --to-source <adsl.static.ip>

All messages originating from my NAT-box for the special subnet are routed through tunl1 and SNAT-ted by the second iptables rule.

All messages originating from my local subnet for the special subnet are routed through tunl1 and *NOT* SNAT-ted by the second iptables rule (the packages never reach the POSTROUTING chain).

If I remove the special subnet route with:

    ip route del <special.sub.net> dev tunl1

then all messages originating from my local subnet for the special subnet are routed through eth1 and SNAT-ted by the first iptables rule.

All messages originating from my NAT-box for the special subnet are directly routed through eth1 and *NOT* SNAT-ted (no matching rule for SRC=<adsl.static.ip>).

Summarizing: When I want to reach the special subnet using the remote NAT-box I can only do this *ON* the NAT-box and all machines in my local subnet can *NOT REACH THE special subnet AT ALL*.

Can anybody shed some light on this problem?

Please send replies to: fred@xxxxxxxxxxxxxxxxxxxxxx