From: Jarek Sobieszek <j.sobieszek@lart.pl>
To: netfilter@lists.netfilter.org
Subject: loopback and pointopoint interfaces
Date: Thu, 30 Jan 2003 12:00:35 +0100 [thread overview]
Message-ID: <20030130110035.GA3701@localhost.localdomain> (raw)
Hello,
I have some problems testing local interfaces over loopback.
Consider the following setup:
if0: 10.1.1.1 pointopoint 10.1.1.12
if1: 10.1.1.2 pointopoint 10.1.1.11
cable connects if0 with if1
iptables -A POSTROUTING -t nat -d 10.1.1.11 -j SNAT --to 10.1.1.12
iptables -A POSTROUTING -t nat -d 10.1.1.12 -j SNAT --to 10.1.1.11
iptables -A PREROUTING -t nat -d 10.1.1.11 -j DNAT --to 10.1.1.1
iptables -A PREROUTING -t nat -d 10.1.1.12 -j DNAT --to 10.1.1.2
ping 10.1.1.11 and ping 10.1.1.12 work as expected
Here's what I believe is going on:
ping 10.1.1.11
src dst
10.1.1.2 10.1.1.11
POSTROUTING(if1)
10.1.1.12 10.1.1.11
OUT: if1
IN: if0
10.1.1.12 10.1.1.11
PREROUTING(if0)
10.1.1.12 10.1.1.1
ICMP
10.1.1.1 10.1.1.12
POSTROUTING(if0)
10.1.1.11 10.1.1.12
OUT: if0
IN: if1
10.1.1.11 10.1.1.12
PREROUTING(if1)
10.1.1.11 10.1.1.2
ping response from 10.1.1.2
Now the setup which I cannot make to work:
if0: 10.1.1.1 pointopoint 10.1.1.12
if1: 10.1.1.3 pointopoint 10.1.1.14
if2: 10.1.1.4 pointopoint 10.1.1.13
if3: 10.1.1.2 pointopoint 10.1.1.11
cables connect if0 to if1 and if2 to if3
iptables -A POSTROUTING -t nat -d 10.1.1.11 -j SNAT --to 10.1.1.3
iptables -A POSTROUTING -t nat -d 10.1.1.12 -j SNAT --to 10.1.1.4
iptables -A POSTROUTING -t nat -d 10.1.1.13 -j SNAT --to 10.1.1.11
iptables -A POSTROUTING -t nat -d 10.1.1.14 -j SNAT --to 10.1.1.12
iptables -A PREROUTING -t nat -d 10.1.1.11 -j DNAT --to 10.1.1.14
iptables -A PREROUTING -t nat -d 10.1.1.12 -j DNAT --to 10.1.1.13
iptables -A PREROUTING -t nat -d 10.1.1.13 -j DNAT --to 10.1.1.2
iptables -A PREROUTING -t nat -d 10.1.1.14 -j DNAT --to 10.1.1.1
ping 10.1.1.1 and ping 10.1.1.2 don't work
Here's what I believe should be going on (but apparently it isn't):
ping 10.1.1.11
src dst
10.1.1.2 10.1.1.11
POSTROUTING(if3)
10.1.1.3 10.1.1.11
OUT: if3
IN: if2
10.1.1.3 10.1.1.11
PREROUTING(if2)
10.1.1.3 10.1.1.14 (FWD)
POSTROUTING(if1)
10.1.1.12 10.1.1.14
OUT: if1
IN: if0
10.1.1.12 10.1.1.14
PREROUTING(if0)
10.1.1.12 10.1.1.1
ICMP
10.1.1.1 10.1.1.12
POSTROUTING(if0)
10.1.1.4 10.1.1.12
OUT:if0
IN:if1
10.1.1.4 10.1.1.12
PREROUTING(if1)
10.1.1.4 10.1.1.13 (FWD)
POSTROUTING(if2)
10.1.1.11 10.1.1.13
OUT:if2
IN:if3
10.1.1.11 10.1.1.13
PREROUTING(if3)
10.1.1.11 10.1.1.2
ping response from 10.1.1.2
Any ideas why it doesn't work (I enabled ip_forward and disabled
rp_filter)?
And is it posible to blindly forward packets from if1/if2 to if2/if1
(since the devices are not ehernet I think ethernet bridging does not
qualify)?
Thanks,
Jarek Sobieszek
next reply other threads:[~2003-01-30 11:00 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-01-30 11:00 Jarek Sobieszek [this message]
[not found] ` <20030130143348.GC8060@localhost.localdomain>
2003-01-30 14:35 ` loopback and pointopoint interfaces Jarek Sobieszek
2003-01-30 16:45 ` Jarek Sobieszek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20030130110035.GA3701@localhost.localdomain \
--to=j.sobieszek@lart.pl \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.