* Reverse SNAT routes out wrong interface
@ 2003-02-20 20:34 Del Winiecki
  2003-02-21  6:36 ` Joel Newkirk
  0 siblings, 1 reply; 2+ messages in thread
From: Del Winiecki @ 2003-02-20 20:34 UTC (permalink / raw)
  To: netfilter

Ok, another challenge.

SNAT works fine, but I need the outside WAN address to look as if it
came from an address on the eth1 network, not the Upstream WAN network.
My linux router ports:

eth4 192.168.1.0/24 ------------ (local offices, admin net)

eth1 209.x.x.x/24 -------- (downstream WAN)

WAN1 64.x.x.x/30 ---------  (upstream provider)

all traffic from 192.168.1.0/24 must look like it's from 209.x.x.13

traffic flowing into WAN1 with a destination address of 209.x.x.13
somehow needs to get routed out the eth4 interface and "un-natted"
instead of routing out eth1.

I have:
iptables -t nat -A POSTROUTING -o WAN1 -j SNAT --to 209.x.x.13

Is there some way to use DNAT to fool the kernel routing into properly
routing this?

Thanks,
Del W.




* Re: Reverse SNAT routes out wrong interface
  2003-02-20 20:34 Reverse SNAT routes out wrong interface Del Winiecki
@ 2003-02-21  6:36 ` Joel Newkirk
  0 siblings, 0 replies; 2+ messages in thread
From: Joel Newkirk @ 2003-02-21  6:36 UTC (permalink / raw)
  To: Del Winiecki, netfilter

On Thursday 20 February 2003 03:34 pm, Del Winiecki wrote:
> Ok, another challenge.
>
> SNAT works fine, but I need the outside WAN address to look as if it
> came from an address on the eth1 network, not the Upstream WAN
> network. My linux router ports:
>
> eth4 192.168.1.0/24 ------------ (local offices, admin net)
>
> eth1 209.x.x.x/24 -------- (downstream WAN)
>
> WAN1 64.x.x.x/30 ---------  (upstream provider)
>
> all traffic from 192.168.1.0/24 must look like it's from 209.x.x.13
>
> traffic flowing into WAN1 with a destination address of 209.x.x.13
> somehow needs to get routed out the eth4 interface and "un-natted"
> instead of routing out eth1.
>
> I have:
> iptables -t nat -A POSTROUTING -o WAN1 -j SNAT --to 209.x.x.13
>
> Is there some way to use DNAT to fool the kernel routing into properly
> routing this?

Since you only want traffic from the 192.168.1.x network to be SNATted, 
you should construct your rule with that requirement:

iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o WAN1 -j SNAT --to 209.x.x.13

Netfilter will then reverse SNAT those packets correctly. (The rule you
have above will make ALL traffic going out WAN1 appear from that single
IP.)

If you want NEW traffic addressed to 209.x.x.13 to be DNATted into the 
192.168.1.x network that isn't a problem, but you have to specify a 
precise destination (or destinations) for the traffic in one or more 
DNAT rules.

j

> Thanks,
> Del W.
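
An added illustration, not part of either message: a small Python model of why replies to the SNAT address leave via eth4 while unsolicited packets to the same address follow the routing table, and of how the source match narrows the rule. It assumes netfilter restores the original destination from connection tracking before the routing decision is made; documentation-range addresses stand in for the thread's elided 209.x.x.x and upstream hosts, and `Router` and `route` are hypothetical names.

```python
import ipaddress as ip

# Constructed stand-ins for the thread's elided addresses (documentation ranges).
NAT_IP = ip.ip_address("203.0.113.13")        # plays 209.x.x.13
LAN = ip.ip_network("192.168.1.0/24")         # eth4
ROUTES = [(LAN, "eth4"),
          (ip.ip_network("203.0.113.0/24"), "eth1"),   # plays 209.x.x.x/24
          (ip.ip_network("0.0.0.0/0"), "WAN1")]        # default via upstream

def route(dst):
    """Longest-prefix match, standing in for the kernel routing decision."""
    matches = [(net, dev) for net, dev in ROUTES if dst in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

class Router:
    def __init__(self, snat_source=None):
        self.snat_source = snat_source   # None models the rule with no source match
        self.conntrack = {}              # reply tuple -> original (address, port)

    def outbound(self, src, sport, dst, dport):
        """Forward a packet; the POSTROUTING SNAT rule applies only on WAN1."""
        src, dst = ip.ip_address(src), ip.ip_address(dst)
        dev = route(dst)
        if dev == "WAN1" and (self.snat_source is None or src in self.snat_source):
            # Simplification: the source port is kept unchanged.
            self.conntrack[(dst, dport, NAT_IP, sport)] = (src, sport)
            src = NAT_IP
        return str(src), dev

    def inbound(self, src, sport, dst, dport):
        """Packet arriving on WAN1: conntrack lookup first, routing second."""
        src, dst = ip.ip_address(src), ip.ip_address(dst)
        orig = self.conntrack.get((src, sport, dst, dport))
        if orig:                          # reply: destination is un-NATted
            dst, dport = orig
        return str(dst), route(dst)

if __name__ == "__main__":
    r = Router(snat_source=LAN)
    print(r.outbound("192.168.1.20", 40000, "198.51.100.7", 80))
    print(r.inbound("198.51.100.7", 80, "203.0.113.13", 40000))   # reply
    print(r.inbound("198.51.100.9", 80, "203.0.113.13", 40000))   # unsolicited
```

Constructing `Router(snat_source=None)` models the original rule with no source match, under which a downstream host's traffic out WAN1 is rewritten to the single address as well.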


