From: Enrique Huerta de la Fuente <ehuerta@ixer.mx>
To: Andrew Beverley <andy@andybev.com>
Cc: netfilter@vger.kernel.org
Subject: Re: iptables udp 1195 MASQUERADE
Date: Fri, 10 Feb 2012 12:36:03 -0600 (CST) [thread overview]
Message-ID: <22755605.2952.1328898963472.JavaMail.root@ixer.mx> (raw)
In-Reply-To: <19323396.2950.1328898736467.JavaMail.root@ixer.mx>
>> I have four interfaces and the default gateway is eth1
>>
>> - eth0 (LAN)
>> - eth1 (internet link)
>> - eth3 (internet link)
> - ppp0 (internet link)
>>
>> I mark (mangle) package udp (1195) for out by interface ppp0.
>> "iptables -t mangle -I OUTPUT -p udp -m udp --dport 1195 -j MARK
>> --set-mark 1
>>
>> and when i try MASQUERADE the package udp (1195) with "iptables -t nat
>> -I POSTROUTING -p udp -m udp --dport 1195 -o ppp0 -j MASQUERADE", does
>> not work!!
>
>I'm still not sure exactly what you're trying to achieve. Presumably you
>want different traffic going out on different interfaces, source-natted
>to that interface IP address.
>
>If so, why not route your traffic as you are already doing (I assume
>that is working) and then just MASQUERADE each interface:
>
>iptables -t nat -I POSTROUTING -o ppp0 -j MASQUERADE
>
>Andy
Yes, I routed traffic by different interfaces, MASQUERADE each interface and it works, I know that because I do the same with the TCP (22) packages (iptables -t nat -I POSTROUTING -p tcp -m tcp --dport 22 -o ppp0 -j MASQUERADE) and it works very well. But only the UDP(1195) packages do not work.
I have dealt with:
iptables -t nat -I POSTROUTING -p udp -m udp --dport 1195 -o ppp0 -j MASQUERADE
iptables -t nat -I POSTROUTING -p udp --dport 1195 -o ppp0 -j MASQUERADE
iptables -t nat -I POSTROUTING -o ppp0 -j MASQUERADE
but it does not work.
Any ideas?
E.Huerta
next parent reply other threads:[~2012-02-10 18:36 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <19323396.2950.1328898736467.JavaMail.root@ixer.mx>
2012-02-10 18:36 ` Enrique Huerta de la Fuente [this message]
2012-02-10 20:05 ` iptables udp 1195 MASQUERADE Andrew Beverley
2012-02-10 22:55 ` Enrique Huerta de la Fuente
2012-02-11 9:13 ` SamLT
2012-02-14 17:18 ` Enrique Huerta de la Fuente
[not found] <25775146.3320.1329329075047.JavaMail.root@ixer.mx>
2012-02-15 18:04 ` Enrique Huerta de la Fuente
[not found] <5260549.3200.1329242426858.JavaMail.root@ixer.mx>
2012-02-14 18:05 ` Enrique Huerta de la Fuente
2012-02-14 22:41 ` Sven-Haegar Koch
[not found] <5634144.2926.1328853844897.JavaMail.root@ixer.mx>
2012-02-10 6:05 ` Enrique Huerta de la Fuente
2012-02-10 15:57 ` Andrew Beverley
[not found] <26800503.2896.1328827967506.JavaMail.root@ixer.mx>
2012-02-10 5:44 ` Enrique Huerta de la Fuente
[not found] <13902251.2734.1328591255561.JavaMail.root@ixer.mx>
2012-02-07 5:12 ` Enrique Huerta de la Fuente
2012-02-09 20:48 ` Andrew Beverley
[not found] <13116495.2023.1327446410284.JavaMail.root@ixer.mx>
2012-01-24 23:34 ` Enrique Huerta de la Fuente
2012-02-04 19:58 ` Andrew Beverley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=22755605.2952.1328898963472.JavaMail.root@ixer.mx \
--to=ehuerta@ixer.mx \
--cc=andy@andybev.com \
--cc=netfilter@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.