From: Enrique Huerta de la Fuente <ehuerta@ixer.mx>
To: netfilter <netfilter@vger.kernel.org>
Subject: MASQUERADE rule does not work with routing table and bridge
Date: Tue, 4 Mar 2014 18:47:19 -0600 (CST)
Message-ID: <1102937548.23818.1393980439979.JavaMail.root@ixer.mx>
In-Reply-To: <396104199.23817.1393979999577.JavaMail.root@ixer.mx>
Hi,
I have two routing tables: telmex (br3) and bbs (br2); both have their own gateway and I set up the routing rules. I can connect to ip2 and ip3 from the internet. And the default gateway in the main routing table is ip2.
From the Linux router I can go out to the internet through the gateway ip2, but when I mark certain traffic to go out through br3 and masquerade it, it is not masqueraded!!
I know that the traffic goes out through eth2 (br3) because I log with ebtables (ebtables -I OUTPUT), but the source IP is ip2.
I disabled CONNTRACK for traffic going out through br3, but nothing. When I change the default gateway in the main routing table to ip3, it works fine.
The problem is that the MASQUERADE rule does not work with routing table and bridge.
Any idea?
                                                                 ________
                                          +------------+        /
                                          |            |       |
                            +-------------+ Provider 1 +-------
        __                  |ip2          |            |     /
    ___/  \_         +------+-------+     +------------+    |
  _/        \__      |     br2      |                      /
 /             \     |              |                      |
| Local network -----+ Linux router |                      |     Internet
 \_           __/    |              |                      |
   \__     __/       |     br3      |                      \
      \___/          +------+-------+     +------------+    |
                            |ip3          |            |     \
                            +-------------+ Provider 2 +-------
                                          |            |       |
                                          +------------+        \________
# ip route ls
139.132.201.56/29 dev br2 proto kernel scope link src 139.132.201.58
188.126.250.96/28 dev br3 proto kernel scope link src 188.126.250.98
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1
192.168.168.0/21 dev br0 proto kernel scope link src 192.168.172.254
192.168.168.0/21 dev br1 proto kernel scope link src 192.168.172.253
default via 139.132.201.62 dev br2
# ip rule ls
0: from all lookup local
32755: from all fwmark 0x5 lookup telmex
32756: from 188.126.250.98 lookup telmex
32757: from 139.132.201.58 lookup bbs
32758: from all fwmark 0x3 lookup bbs
32766: from all lookup main
32767: from all lookup default
# ip route ls table bbs
139.132.201.56/29 dev br2 scope link src 139.132.201.58
default via 139.132.201.62 dev br2
# ip route ls table telmex
188.126.250.96/28 dev br3 scope link src 188.126.250.98
default via 188.126.250.97 dev br3
E.Huerta
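
Added example, not part of the original message: a small Python model of how the `ip rule ls` output posted above is evaluated in priority order, to check which table and device a packet with a given source address and fwmark selects. It assumes an internet destination (so only tables with a default route resolve it), exact host matches on `from`, and the table-to-device mapping shown in the message; it models rule selection only, not source address selection or NAT.

```python
import re

# `ip rule ls` output copied from the message above.
IP_RULE_LS = """\
0: from all lookup local
32755: from all fwmark 0x5 lookup telmex
32756: from 188.126.250.98 lookup telmex
32757: from 139.132.201.58 lookup bbs
32758: from all fwmark 0x3 lookup bbs
32766: from all lookup main
32767: from all lookup default
"""

# Tables that the message shows with a default route, and the device it uses.
# "local" and "default" are assumed not to resolve an internet destination.
DEFAULT_DEV = {"telmex": "br3", "bbs": "br2", "main": "br2"}

RULE_RE = re.compile(
    r"^(?P<prio>\d+):\s+from\s+(?P<src>\S+)"
    r"(?:\s+fwmark\s+(?P<mark>0x[0-9a-fA-F]+))?\s+lookup\s+(?P<table>\S+)$"
)

def parse_rules(text):
    """Parse `ip rule ls` lines into (priority, src, fwmark, table) tuples."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue  # skip anything that is not a rule line
        mark = int(m["mark"], 16) if m["mark"] else None
        rules.append((int(m["prio"]), m["src"], mark, m["table"]))
    return sorted(rules, key=lambda r: r[0])

def select_table(rules, src, fwmark=0):
    """Return (priority, table, device) for the first matching rule whose
    table can route an internet destination, or None if nothing matches."""
    for prio, rule_src, rule_mark, table in rules:
        if rule_src != "all" and rule_src != src:
            continue  # selector on source address does not match
        if rule_mark is not None and rule_mark != fwmark:
            continue  # selector on fwmark does not match
        if table in DEFAULT_DEV:
            return prio, table, DEFAULT_DEV[table]
    return None

if __name__ == "__main__":
    rules = parse_rules(IP_RULE_LS)
    for src, mark in [("139.132.201.58", 0x5), ("139.132.201.58", 0)]:
        print(src, hex(mark), "->", select_table(rules, src, mark))
```

Under the posted rules, a packet with source 139.132.201.58 and fwmark 0x5 matches priority 32755 before 32757, so it selects table telmex and leaves by br3 while still carrying the ip2 source address, which matches what the ebtables log in the message shows.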