From mboxrd@z Thu Jan 1 00:00:00 1970
From: Raphael Benedet
Date: Thu, 19 Feb 2004 16:48:23 +0000
Subject: Re: [LARTC] 2 providers & DNAT: incoming packets not forwarded
Message-Id: <4034E8D7.5030808@raph.com>
List-Id:
References: <4034CBF2.50104@raph.com>
In-Reply-To: <4034CBF2.50104@raph.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

Hi,

It is of course set to 1. I already have DNATing on eth1 and it works
very well.
I suppose my problem comes from my routing table but I don't understand
why no route is found to 172.16.1.4 coming from ppp0 with the current
configuration.

Regards,
Raph

Alexander A. Naumov wrote:
> Hi!
> Maybe you need to set /proc/sys/net/ipv4/ip_forward sysctl value to 1?
>
> Best regards,
> Alexander A. Naumov
>
> On Thu, Feb 19, 2004 at 03:45:06PM +0100, Raphael Benedet wrote:
>
>>Hi,
>>
>>I have a problem with incoming connections on my Linux gateway.
>>I have 2 providers, cable modem on eth1 and dsl on eth2 <-> ppp0
>>(pppoe). The lan network is connected to eth0. At the moment, I have a
>>very simple configuration where the default route is via eth1 (cable
>>modem). I set up DNAT on ppp0 to forward incoming traffic for certain
>>ports to a computer behind the gateway/firewall:
>>iptables -t nat -A PREROUTING -i ppp0 -p tcp -m tcp --dport 2000 -j DNAT --to-destination 172.16.1.4
>>Packets get lost and never reach the FORWARD chain (I logged all packets
>>to be sure)
>>
>>Here are my routes:
>>
>># ip route ls
>>215.136.169.1 dev ppp0 proto kernel scope link src 215.136.169.15
>>135.165.199.128/25 dev eth1 proto kernel scope link src 135.165.199.139
>>172.16.0.0/16 dev eth0 proto kernel scope link src 172.16.1.1
>>default via 135.165.199.129 dev eth1
>>
>>So, I understand traffic by default goes via eth1, but why don't
>>incoming packets redirected (DNATed) to an intranet IP address go out
>>via eth0?
>>If I change my default route in table main to go via ppp0, then, it
>>works. And DNATing on eth1 works with the current configuration.
>>
>>I don't have any other routing tables nor complex routing rules:
>># ip rule ls
>>0: from all lookup local
>>32766: from all lookup main
>>32767: from all lookup default
>>
>>I am running kernel 2.4.23 with Julian's patches.
>>
>>Any help would be greatly appreciated. Thank you.
>>
>>Raph
>>
>>
>>--
>>
>>Raphael Benedet
>>3D Artists - raph.com
>>"bringing art into the third dimension"
>>
>>_______________________________________________
>>LARTC mailing list / LARTC@mailman.ds9a.nl
>>http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/