From: Raphael Benedet <raph@raph.com>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] 2 providers & DNAT: incoming packets not forwarded
Date: Thu, 19 Feb 2004 16:48:23 +0000 [thread overview]
Message-ID: <4034E8D7.5030808@raph.com> (raw)
In-Reply-To: <4034CBF2.50104@raph.com>
Hi,
It is of course set to 1.
I already have DNATing on eth1 and it works very well.
I suppose my problem come from my routing table but I don't understand
why no route is found to 172.16.1.4 coming from ppp0 with the current
configuration.
Regards,
Raph
Alexander A. Naumov wrote:
> Hi!
> May be you need to set /proc/sys/net/ipv4/ip_forward sysctl value to 1?
>
> Best regards,
> Alexander A. Naumov
>
> On Thu, Feb 19, 2004 at 03:45:06PM +0100, Raphael Benedet wrote:
>
>>Hi,
>>
>>I have a problem with incoming connections on my Linux gateway.
>>I have 2 providers, cable modem on eth1 and dsl on eth2 <-> ppp0
>>(pppoe). The lan network is connected to eth0. At the moment, I have a
>>very simple configuration where the default route is via eth1 (cable
>>modem). I set up DNAT on ppp0 to forward incoming traffic for certain
>>ports to a computer behind the gateway/firewall:
>>iptables -t nat -A PREROUTING -i ppp0 -p tcp -m tcp --dport 2000 -j DNAT
>>--to-destination 172.16.1.4
>>Packets get lost and never reach the FORWARD chain (I logged all packets
>>to be sure)
>>
>>Here are my routes:
>>
>># ip route ls
>>215.136.169.1 dev ppp0 proto kernel scope link src 215.136.169.15
>>135.165.199.128/25 dev eth1 proto kernel scope link src 135.165.199.139
>>172.16.0.0/16 dev eth0 proto kernel scope link src 172.16.1.1
>>default via 135.165.199.129 dev eth1
>>
>>So, I understand traffic by default goes via eth1, but why don't
>>incoming packets redirected (DNATed) to an intranet IP address go out
>>via eth0?
>>If I change my default route in table main to go via ppp0, then, it
>>works. And DNATing on eth1 works with the current configuration.
>>
>>I don't have any other routing tables nor complex routing rules:
>># ip rule ls
>>0: from all lookup local
>>32766: from all lookup main
>>32767: from all lookup default
>>
>>I am running kernel 2.4.23 with Julian's patches.
>>
>>Any help would be greatly appreciated. Thank you.
>>
>>Raph
>>
>>
>>--
>>
>>Raphael Benedet
>>3D Artists - raph.com
>>"bringing art into the third dimension"
>>
>>_______________________________________________
>>LARTC mailing list / LARTC@mailman.ds9a.nl
>>http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
>
>
>
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
next prev parent reply other threads:[~2004-02-19 16:48 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-02-19 14:45 [LARTC] 2 providers & DNAT: incoming packets not forwarded Raphael Benedet
2004-02-19 16:31 ` Alexander A. Naumov
2004-02-19 16:48 ` Raphael Benedet [this message]
2004-02-20 7:29 ` Razvan Stranschi
2004-02-20 10:08 ` Raphael Benedet
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4034E8D7.5030808@raph.com \
--to=raph@raph.com \
--cc=lartc@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.