RE: How do I masquerade based on the interface???

On Wed, August 25, 2004 2:05 pm, Jason Opperisano said:
>> Hi all,
>>
>> I know that Masquerade makes the outgoing packet with the src "ip
>> address" of the link it
>> is going out on. BUT is there a way to specify the actual interface it
>> should go out on.
>>
>> for example, if there is ppp0 and ppp1, I want to be able to send all
>> ICMP packets through
>> say ppp0.
>>
>> Basically I want all ICMP packets to go through one interface, don't
>> care which one...
>>
>> What kind of rules will I need?
>
> two thoughts come to mind:
>
> 1) using the MARK target to set marks and using iproute2 to route the
> traffic accordingly (you can't swing a dead cat on this mailing list or on
> google without hitting an example on how to do this)
>
> 2) using the ROUTE target.  seems to be a less common answer--but the
> example used in the help file is your exact scenario:
>
>   # To force all outgoing icmp packet to go through the eth1 interface
>   # (final target) :
>   iptables -A POSTROUTING -t mangle -p icmp -j ROUTE --oif eth1
>

*For suggestion (2)*

To make it work with the MASQUERADE target, you'll need this:

1) Force the packet to continue traversing the other rules.
   iptables -A POSTROUTING -t mangle -p icmp -j ROUTE --oif ppp1 --continue

2) Read & patch ipt_MASQUERADE.c with the following post:
https://lists.netfilter.org/pipermail/netfilter-devel/2004-January/013695.html

If nothing works, try using the ROUTE target in the FORWARD chain instead.

HTH,

Samuel Jean
CookingLinux.org
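
The MARK plus iproute2 approach from suggestion (1) in the quoted reply, as an added example that is not part of the original thread. The mark value 1, routing table 100, the `UPLINK` and `APPLY` variables and the function names are assumptions chosen for illustration; the script prints the commands by default and executes them only with `APPLY=1`.

```shell
#!/bin/sh
# Added example (not from the thread): send all ICMP out of one uplink with
# MARK + policy routing, then masquerade on that uplink.
# Assumed values: fwmark 1, routing table 100, uplink ppp0.
MARK=1
TABLE=100

# Dry run by default: print each command. APPLY=1 (as root) executes it.
run() {
    if [ "${APPLY:-0}" = "1" ]; then
        "$@"
    else
        echo "$@"
    fi
}

icmp_policy_route() {
    oif=$1
    # Accept only a plain interface name before it reaches any command line.
    case $oif in
        ''|*[!A-Za-z0-9_-]*) echo "bad interface: $oif" >&2; return 1 ;;
    esac
    # Forwarded ICMP: mark before the routing decision is taken.
    run iptables -t mangle -A PREROUTING -p icmp -j MARK --set-mark "$MARK"
    # Locally generated ICMP: a mark set in mangle OUTPUT triggers a re-route.
    run iptables -t mangle -A OUTPUT -p icmp -j MARK --set-mark "$MARK"
    # Marked packets use a dedicated table whose only route is the chosen uplink.
    run ip rule add fwmark "$MARK" table "$TABLE"
    run ip route add default dev "$oif" table "$TABLE"
    # Rewrite the source to the uplink's own address, whatever source was
    # selected before the packet was re-routed.
    run iptables -t nat -A POSTROUTING -o "$oif" -j MASQUERADE
    # Replies arrive on an interface the main table may not point at; strict
    # reverse-path filtering would drop them, so use loose mode (2) there.
    run sysctl -w "net.ipv4.conf.$oif.rp_filter=2"
}

icmp_policy_route "${UPLINK:-ppp0}"
```
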



