Re: prerouting and route

Hello,

Oguz Yarimtepe wrote:

> I gave some points that I couldn't visualize. First question is related with the route command. Let's say I defined a local route as,
>
> route add 10.2.0.0 netmask 255.255.255.0 gw 10.2.0.1 dev eth1

Weird route. It looks like the gateway address belongs to the destination range. If so, how do you reach the gateway?

> and while I am configuring iptables I wrote some rules:
> [...]
> iptables -t nat -A PREROUTING -i eth0 -p ALL -d 10.2.0.0/24 -j DNAT --to 10.2.0.1
>
> At this point I ask myself whether I need this rule,

The question is: what do you expect from this rule?

> because I had already defined a route while configuring interfaces. So is there a relation between route definitions and prerouting,

Not directly. Routes tell how to route a packet, i.e. how it must be sent out, mostly depending on its destination address, without altering the destination address. DNAT rules say how to alter the destination address, not how to route that destination.

In both cases here the packets will be sent to the gateway with address 10.2.0.1. But the difference is that routing does not change the original destination address, and the gateway will forward the packets to their final destination. With DNAT, the gateway becomes the final destination.

> is it unnecessary to define a local route and try to do the same thing with iptables?

I do not see what you mean.

> Second, I have a rule as,
>
> iptables -t nat -A PREROUTING -i eth1 -p ALL -j DNAT --to 192.168.1.4
>
> 192.168.1.4 is the ip of eth0 which is plugged to a gateway with the ip 192.168.1.3. If I send a package from eth1 to let's say 192.168.1.10, its destination address is replaced with 192.168.1.4. After this point, will it continue to 192.168.1.3? If yes how?

No. The new destination address belongs to the host which becomes the final destination, so the packet will be received locally instead of being forwarded.
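
The distinction drawn in the reply above, as an added example that is not part of the original messages: a small model of PREROUTING DNAT followed by the routing decision, run over the two rules from the thread. The connected 192.168.1.0/24 route on eth0 and the sample destination 10.2.0.55 are assumptions made for the illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed model of the box in the thread. eth0's address and the 10.2.0.0/24
# route come from the messages; the connected 192.168.1.0/24 route is assumed.
LOCAL_ADDRS = {ip_address("192.168.1.4")}
ROUTES = [  # (destination, gateway or None when directly connected, device)
    (ip_network("10.2.0.0/24"), ip_address("10.2.0.1"), "eth1"),
    (ip_network("192.168.1.0/24"), None, "eth0"),
]
# The two DNAT rules quoted above: (in-interface, -d match or None, --to address)
DNAT_Q1 = [("eth0", ip_network("10.2.0.0/24"), ip_address("10.2.0.1"))]
DNAT_Q2 = [("eth1", None, ip_address("192.168.1.4"))]


def prerouting(dst, in_if, dnat_rules):
    """nat/PREROUTING: the first matching rule rewrites the destination."""
    for rule_if, rule_net, to_addr in dnat_rules:
        if rule_if == in_if and (rule_net is None or dst in rule_net):
            return to_addr
    return dst


def routing_decision(dst):
    """Runs after PREROUTING, so it sees the rewritten destination."""
    if dst in LOCAL_ADDRS:
        return "local", None, None  # delivered to this host, not forwarded
    matches = [r for r in ROUTES if dst in r[0]]
    if not matches:
        return "unreachable", None, None
    _, gw, dev = max(matches, key=lambda r: r[0].prefixlen)  # longest prefix
    return "forward", str(gw or dst), dev


def trace(dst, in_if, dnat_rules=()):
    """Return (destination after PREROUTING, verdict, next hop, out device)."""
    new_dst = prerouting(ip_address(dst), in_if, dnat_rules)
    return (str(new_dst), *routing_decision(new_dst))


if __name__ == "__main__":
    print(trace("10.2.0.55", "eth0"))              # route only: dst kept
    print(trace("10.2.0.55", "eth0", DNAT_Q1))     # dst becomes the gateway
    print(trace("192.168.1.10", "eth1"))           # no DNAT: forwarded
    print(trace("192.168.1.10", "eth1", DNAT_Q2))  # dst is local: delivered here
```
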