John Smithee wrote, On 10/04/2014 05:07 PM:
Thomas Bätzler wrote, On 10/04/2014 03:56 PM:
Hi,
On 04.10.2014 at 13:06, John Smithee wrote:
Ok, I admit using "ping -I" was a bad example. The whole point I tried
to make is that the second net (69.0) cannot reach any other IP
outside its own net.
The goal is to let 69.0 reach the world via this gateway machine
68.22/69.22.
Is some iptables needed in this case?
You do have IP forwarding enabled?
If not, enable it using
echo "1" > /proc/sys/net/ipv4/ip_forward
and try again.
HTH,
Thomas
Yes, IP forwarding is enabled.
After doing much research on the net and experimenting
I think (still testing) I finally found a solution,
but it's unfortunately a little bit complicated.
I'll summarize later.
I finally managed to get it working with these steps:
IF0="eth0"
NW0="192.168.68.0/24"
ET0="192.168.68.22"
GW0="192.168.68.254"
TAB0="my0" # must be defined in /etc/iproute2/rt_tables, e.g. "100 my0"
IF1="eth1"
NW1="192.168.69.0/24"
ET1="192.168.69.22"
GW1="192.168.69.7"
TAB1="my1" # must be defined in /etc/iproute2/rt_tables, e.g. "101 my1"
# per-interface tables: the connected network plus that side's default gateway
ip route add "$NW0" dev "$IF0" src "$ET0" table "$TAB0"
ip route add default via "$GW0" table "$TAB0"
ip route add "$NW1" dev "$IF1" src "$ET1" table "$TAB1"
ip route add default via "$GW1" table "$TAB1"
# main table: both connected networks
ip route add "$NW0" dev "$IF0" src "$ET0"
ip route add "$NW1" dev "$IF1" src "$ET1"
# your preference for default route:
ip route add default via "$GW0"
# policy rules: traffic from or to each local address uses that interface's table
ip rule add from "$ET0" table "$TAB0"
ip rule add from "$ET1" table "$TAB1"
ip rule add to "$ET0" table "$TAB0"
ip rule add to "$ET1" table "$TAB1"
# source-NAT everything that leaves via $IF0
iptables -t nat -A POSTROUTING -o "$IF0" -j MASQUERADE
This solution is not that bad, though IMHO complicated.
But one thing is still missing: 69.* cannot ping
the IP 68.22, but other than that it can reach everything else.
If someone knows a simpler solution pls let me know, thx.
Here are some references where I found the above stuff:
http://kindlund.wordpress.com/2007/11/19/configuring-multiple-default-routes-in-linux/
http://www.linuxhorizon.ro/iproute2.html
http://www.lartc.org/howto/lartc.rpdb.html
http://www.lartc.org/howto/lartc.rpdb.multiple-links.html
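The following is an added example, not part of the thread: an offline model of the rule and table lookup the posted commands set up, to show where a reply from 192.168.68.22 to a host in 69.0 is routed. The rule and table dumps and the client address 192.168.69.5 are constructed; the last call adds a cross route to table my0 (the equivalent of "ip route add $NW1 dev $IF1 table $TAB0"), which is a suggested change to test and not something from the post.

```sh
# Added example (not from the post): offline model of the lookup the posted rules produce.
# RULES and T_* are constructed `ip rule show` / `ip route show table NAME` dumps;
# tables without a dump here (e.g. local) are treated as empty.
RULES='0: from all lookup local
32762: from all to 192.168.69.22 lookup my1
32763: from all to 192.168.68.22 lookup my0
32764: from 192.168.69.22 lookup my1
32765: from 192.168.68.22 lookup my0
32766: from all lookup main'
T_MY0='192.168.68.0/24 dev eth0 scope link src 192.168.68.22
default via 192.168.68.254 dev eth0'
T_MY1='192.168.69.0/24 dev eth1 scope link src 192.168.69.22
default via 192.168.69.7 dev eth1'
T_MAIN='default via 192.168.68.254 dev eth0
192.168.68.0/24 dev eth0 scope link src 192.168.68.22
192.168.69.0/24 dev eth1 scope link src 192.168.69.22'
table() { case $1 in my0) echo "$T_MY0";; my1) echo "$T_MY1";; main) echo "$T_MAIN";; esac; }
ip2int() { ( IFS=.; set -- $1; echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 )) ); }
in_net() {  # in_net ADDR NET/LEN: true if ADDR lies inside NET/LEN
  _m=$(( (4294967295 >> ${2#*/}) ^ 4294967295 ))
  [ $(( $(ip2int "$1") & $_m )) -eq $(( $(ip2int "${2%/*}") & $_m )) ]
}
route_lookup() {  # route_lookup TABLE_DUMP DST: print the longest-prefix match
  best=-1; out=
  while read -r pfx rest; do
    [ -n "$pfx" ] || continue
    net=$pfx; [ "$net" = default ] && net=0.0.0.0/0
    if in_net "$2" "$net" && [ "${net#*/}" -gt "$best" ]; then best=${net#*/}; out="$pfx $rest"; fi
  done <<EOF
$1
EOF
  [ -n "$out" ] && echo "$out"
}
decide() {  # decide SRC DST: first matching rule whose table has a route for DST
  while read -r _prio _kw from rest; do
    case $rest in "to "*) to=${rest#to }; to=${to%% *}/32 ;; *) to=0.0.0.0/0 ;; esac
    [ "$from" = all ] && from=0.0.0.0/0 || from=$from/32
    in_net "$1" "$from" && in_net "$2" "$to" || continue
    tbl=${rest##*lookup }
    if hit=$(route_lookup "$(table "$tbl")" "$2"); then echo "$tbl: $hit"; return 0; fi
  done <<EOF
$RULES
EOF
  return 1
}
# Echo reply 192.168.68.22 -> 192.168.69.5 as posted, then with a cross route in my0:
decide 192.168.68.22 192.168.69.5   # my0: default via 192.168.68.254 dev eth0
( T_MY0="$T_MY0
192.168.69.0/24 dev eth1"; decide 192.168.68.22 192.168.69.5 )   # my0: 192.168.69.0/24 dev eth1
```

In this model the reply sourced from 192.168.68.22 matches the "from $ET0" rule and is looked up in my0, which as posted only has the 68.0 network and a default route, so it is sent to 192.168.68.254 on eth0 rather than back out eth1.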