From: Luca Maragnani
Date: Wed, 12 Oct 2005 08:46:08 +0000
Subject: [LARTC] Ip route cache problem
Message-Id: <434CCD50.3080104@objectlab.it>
List-Id:
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

Hello,

I need some help with a routing problem on a complex configuration. The problem is that I can't reach services outside from my DMZ.

The scenario is a gateway linked to three internet connections, so I used three distinct iproute2 tables for routing. The gw is running ipvs for balancing over the DMZ's servers. DMZ servers are on the 192.168.1.0/24 network. Every table has the route to reach :

    192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.1

I'm using iptables to NAT a server on my DMZ to reach DNS services outside:

    iptables -t nat -A POSTROUTING -p tcp -s 192.168.1.0/24 -d 151.99.0.100 --dport 53 -j SNAT --to-source 81.77.88.99

Looking inside the cache I find only the route to reach the DNS server, but not the one that the DNS needs to reach my server:

    151.99.0.100 from 192.168.1.2 via 81.77.88.100 dev eth2 src 192.168.1.249 cache mtu 1500 advmss 1460 metric10 64 iif eth0

I experienced in the past that re-entering the iptables nat command worked, but it seems to be a random effect and does not always work.

Thanks in advance,
Luca Maragnani

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc