From: richard lucassen <mailinglists@lucassen.org>
To: netfilter@lists.netfilter.org
Subject: NATed packets only enter the default routing table
Date: Sat, 8 Apr 2006 17:07:24 +0200
Message-ID: <20060408170724.4fd8a877.mailinglists@lucassen.org>

(copy from lartc mailing list)

I set up this config:

   +------+
  -+ ISP1 +--+
   +------+  |  +-------+
             +--+ linux |
   +------+  |  +-------+
  -+ ISP2 +--+
   +------+

No problem. Standard setup with two ISPs. Both routed subnets. Default
gateway is ISP1. No magic here.

Now I put a server behind the Linux box. I want the server to be
reachable on an /extra/ IP in the routed subnet of ISP2.

   +------+
  -+ ISP1 +--+
   +------+  |  +-------+  +-----------------+
             +--+ linux +--+ server 10.0.0.2 |
   +------+  |  +-------+  +-----------------+
  -+ ISP2 +--+
   +------+

router ISP2: 1.2.3.1/24
dev ISP2: eth1
Linux box eth1: 1.2.3.2/24
external ip ISP2 for server 10.0.0.2: 1.2.3.3

arp -s 1.2.3.3 aa:bb:cc:dd:ee:ff pub
ip route add 1.2.3.3 via 10.0.0.2
iptables -t nat -A PREROUTING -i eth1 -d 1.2.3.3 -j DNAT --to 10.0.0.2

When pinging 1.2.3.3, the packets get in through eth1 (ok), but the
replies are following the default routing table through eth0 (wrong).

Even a

ip rule add from 1.2.3.3 lookup table_eth1

doesn't change this behaviour. It is working ok when I add the address
1.2.3.3 directly to eth1 (without NAT):

ip a a 1.2.3.3 dev eth1

Why is this?

R.

--
___________________________________________________________________
It is better to remain silent and be thought a fool, than to speak
aloud and remove all doubt.
+------------------------------------------------------------------+
| Richard Lucassen, Utrecht |
| Public key and email address: |
| http://www.lucassen.org/mail-pubkey.html |
+------------------------------------------------------------------+
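
Added example, not part of the original message: a small Python model of the order in which the kernel takes the policy-routing decision and reverses the DNAT for the server's reply, which is why a `from 1.2.3.3` rule never sees the forwarded packet. Assumptions: table_eth1 holds a default route out eth1, the rule priorities are constructed, and a `from 10.0.0.2` rule is shown as one selector that does match; the function names are hypothetical.

```python
import ipaddress

# Constructed model; priorities and table contents are assumptions.
TABLES = {"main": "eth0",        # default route via ISP1
          "table_eth1": "eth1"}  # assumed: default via 1.2.3.1 dev eth1

# Reply-direction conntrack entry created by the DNAT rule in the post:
# packets from 10.0.0.2 get their source rewritten back to 1.2.3.3.
CONNTRACK = {"10.0.0.2": "1.2.3.3"}

# (priority, "from" prefix or None for "from all", table)
POSTER_RULES = [(32765, "1.2.3.3/32", "table_eth1"), (32766, None, "main")]
FIXED_RULES = [(32765, "10.0.0.2/32", "table_eth1"), (32766, None, "main")]


def route_lookup(src, rules):
    """Walk the rules by priority; the first matching selector picks the table."""
    addr = ipaddress.ip_address(src)
    for _prio, prefix, table in sorted(rules, key=lambda r: r[0]):
        if prefix is None or addr in ipaddress.ip_network(prefix):
            return TABLES[table]
    raise LookupError(f"no rule matches {src}")


def send_reply(src, rules, conntrack):
    """Return (egress device, source address seen on the wire) for a reply."""
    # Step 1: the routing decision runs on the packet as it arrived,
    # so a forwarded reply still carries the server's private source.
    dev = route_lookup(src, rules)
    # Step 2: POSTROUTING, after routing: conntrack undoes the DNAT.
    wire_src = conntrack.get(src, src)
    return dev, wire_src


if __name__ == "__main__":
    print("NAT, poster's rule :", send_reply("10.0.0.2", POSTER_RULES, CONNTRACK))
    print("NAT, from 10.0.0.2 :", send_reply("10.0.0.2", FIXED_RULES, CONNTRACK))
    print("1.2.3.3 on eth1    :", send_reply("1.2.3.3", POSTER_RULES, {}))
```

In the third case the Linux box answers the ping itself with source 1.2.3.3, so the poster's rule matches at routing time.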