From mboxrd@z Thu Jan 1 00:00:00 1970
From: ro0ot
Date: Mon, 15 Nov 2004 17:26:41 +0000
Subject: Re: [LARTC] source policy routing going to wrong path
Message-Id: <4198E6D1.80309@phreaker.net>
List-Id:
References: <419804F9.4020902@phreaker.net>
In-Reply-To: <419804F9.4020902@phreaker.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

Hi Tami,

I added the following and it helps...

ip rule add nat 1.1.1.10 from 172.16.0.1 table 1
ip rule add nat 2.2.2.10 from 192.168.0.1 table 2

Are the above two lines correct?

Regards,
ro0ot

Paul Zirnik wrote:

>On Mon, 15 Nov 2004, ro0ot wrote:
>
>>Hi,
>>
>>Below is my Linux firewall network configuration: -
>>
>>eth0 - isp 1, IP: 1.1.1.10, Netmask: 255.255.255.252
>>eth1 - isp 2, IP: 2.2.2.10, Netmask: 255.255.255.252
>>eth2 - lan, IP: 172.16.0.254, Netmask: 255.255.255.0
>>eth3 - dmz, 192.168.0.254, Netmask: 255.255.255.0
>>
>>isp 1 gateway: 1.1.1.9
>>isp 2 gateway: 2.2.2.9
>>
>>
>>Below is my iptables rules: -
>>
>>echo 1 > /proc/sys/net/ipv4/ip_forward
>>
>>iptables -t nat -A PREROUTING -d 1.1.1.10 -j DNAT --to-destination 172.16.0.1
>>iptables -t nat -A PREROUTING -d 2.2.2.10 -j DNAT --to-destination 192.168.0.1
>>
>>iptables -t nat -A POSTROUTING -s 172.16.0.1 -j SNAT --to-source 1.1.1.10
>>iptables -t nat -A POSTROUTING -s 192.168.0.1 -j SNAT --to-source 2.2.2.10
>>
>
>POSTROUTING (as the name says it) happens after all routing discussions
>are made, just before the packet reaches the line.
>So you need some more ip rules to push the packets on the right way.
>
>>When I perform a traceroute from a workstation with the IP address of
>>192.168.0.1 and gateway 192.168.0.254, I can see the result of the traceroute
>>going through the 1.1.1.9 gateway, why? It is supposed to SNAT to 2.2.2.10 via
>>2.2.2.9 gateway.
>>
>
>greets,
>    Tami
>_______________________________________________
>LARTC mailing list / LARTC@mailman.ds9a.nl
>http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
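
Added example, not part of the thread: a small Python model of the ordering Tami describes, where the routing policy database is consulted on the original source address and SNAT is applied only afterwards. The main-table default via 1.1.1.9 (inferred from the traceroute result), the contents of table 2, the source rule with priority 100 and the destination 203.0.113.5 are assumptions made for illustration.

```python
import ipaddress

# Tables: name -> [(prefix, gateway or None if on-link, device)]. The main default
# via 1.1.1.9 is an assumption inferred from the traceroute result in the thread.
TABLES = {
    "main": [("1.1.1.8/30", None, "eth0"), ("2.2.2.8/30", None, "eth1"),
             ("172.16.0.0/24", None, "eth2"), ("192.168.0.0/24", None, "eth3"),
             ("0.0.0.0/0", "1.1.1.9", "eth0")],
    # Assumed table 2: ip route add default via 2.2.2.9 dev eth1 table 2
    #                  ip route add 172.16.0.0/24 dev eth2 table 2  (keeps DMZ->LAN local)
    "2": [("0.0.0.0/0", "2.2.2.9", "eth1"), ("172.16.0.0/24", None, "eth2")],
}

# RPDB entries as (priority, source selector, table); 32766 is the stock main rule.
BASE_RULES = [(32766, "0.0.0.0/0", "main")]
# Assumed fix: ip rule add from 192.168.0.1 table 2 priority 100
FIXED_RULES = BASE_RULES + [(100, "192.168.0.1/32", "2")]

# POSTROUTING SNAT rules quoted in the thread
SNAT = {"172.16.0.1": "1.1.1.10", "192.168.0.1": "2.2.2.10"}


def lookup(table, dst):
    """Longest-prefix match in one table; returns (gateway, device) or None."""
    dst = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), gw, dev) for p, gw, dev in TABLES[table]
            if dst in ipaddress.ip_network(p)]
    if not hits:
        return None
    _, gw, dev = max(hits, key=lambda h: h[0].prefixlen)
    return gw, dev


def forward(rules, src, dst):
    """Pick the route using the original source, then apply SNAT (POSTROUTING)."""
    for _prio, selector, table in sorted(rules):
        if ipaddress.ip_address(src) in ipaddress.ip_network(selector):
            route = lookup(table, dst)
            if route:  # a table with no matching route falls through to the next rule
                gw, dev = route
                return {"gateway": gw, "dev": dev, "wire_src": SNAT.get(src, src)}
    return None


if __name__ == "__main__":
    print("before:", forward(BASE_RULES, "192.168.0.1", "203.0.113.5"))
    print("after: ", forward(FIXED_RULES, "192.168.0.1", "203.0.113.5"))
```

With only the stock rule, the packet from 192.168.0.1 is rewritten to 2.2.2.10 but still leaves through eth0 towards 1.1.1.9, which matches the traceroute in the original question.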