* iptables problem with multible routes [sum]
@ 2002-07-05 11:09 Uwe A. P. Wuerdinger
From: Uwe A. P. Wuerdinger @ 2002-07-05 11:09 UTC
  To: netfilter

Hi list,
I have a problem, originally posted to debian-firewall@lists.debian.org;
maybe you guys can help me.

---snip---

-------- Original Message --------
Subject: iptables problem with multible routes
Date: Fri, 05 Jul 2002 12:10:07 +0200
From: "Uwe A. P. Wuerdinger" <wuerdinger@x-tec.de>
Organization: X-tec Institute for Computer and network Security GmbH
Newsgroups: mailinglist.debian.firewall

Hi List,
I have a problem with iptables (kernel 2.4.18)
and multiple routes.

Setup:
My Firewall (FW) has 3 interfaces
eth0 = Internal
eth1 = dedicated router connection
ppp0 (PPPoE DSL link on eth2)

a kernel default route pointing to ppp0
and a second routing table (me-prov) with another default route
pointing to the router connected to eth1.
I have a NAT rule in place for MASQing the networks on eth0.
For the NAT traffic I mark my packets that should use
the me-prov default table with a 0x1

# iptables -t mangle -I PREROUTING 1 -p tcp -i eth0 --dport 22 \
-j MARK --set-mark 0x01

works as expected.
The packet gets NATed and sent out to eth1.

My problem is when I do the same for locally generated packets
(e.g. the mailserver running on the FW) with
# iptables -t mangle -I OUTPUT 1 -p tcp --dport 25 \
-j MARK --set-mark 0x01

The packet got routed out to eth1, as expected, but has the source IP
of ppp0.
What can I do to give those packets the right source IP for eth1?

-------- Original Message --------
Subject: Re: iptables problem with multible routes
Date: Fri, 05 Jul 2002 12:36:12 +0200
From: "Uwe A. P. Wuerdinger" <wuerdinger@x-tec.de>
Organization: X-tec Institute for Computer and network Security GmbH
Newsgroups: mailinglist.debian.firewall
References: <3D25707F.8020002@x-tec.de> <20020705100805.GT31085@virus.home>

Jean Christophe ANDRÉ wrote:

 > mlist-debianfirewall@x-tec.de écrivait :
 >
 >>The packet got routed out to eth1, as expected but has the Source IP of
 >>ppp0. What can I do to get that packets the right source IP for eth1
 >>
 >
 > Check your NAT rule: you probably need to specify the output interface as
 > "-o ppp0" to only NAT when it goes through the DSL line.


NOP that would break the NATing of the internal traffic that should go
out to eth1:

iptables -t mangle -I PREROUTING 4 -p tcp -i eth0 --dport 22 \
-j MARK --set-mark 0x01

---snip---

greets Uwe
-- 
X-Tec GmbH
Institute for Computer and Network Security
WWW : http://www.x-tec.de/


