From mboxrd@z Thu Jan 1 00:00:00 1970
From: Ionut Popovici
Date: Wed, 12 Oct 2005 10:20:16 +0000
Subject: RE: [LARTC] Ip route cache problem
Message-Id: <434CE360.7070608@topall.ro>
References: <434CCD50.3080104@objectlab.it>
In-Reply-To: <434CCD50.3080104@objectlab.it>
To: lartc@vger.kernel.org

> Hello,
> I need some help about a routing problem on a complex configuration.
> The problem is that I can't reach services outside from my DMZ.
> The scenario is a gateway linked to three internet connections, so
> I used three distinct iproute2 tables for routing. The gw is running
> ipvs for balancing over the DMZ's servers.
> DMZ servers are on the 192.168.1.0/24 network.
> Every table has the route to reach it:
> 192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.1
> I'm using iptables to NAT a server on my DMZ to reach DNS services outside:
> iptables -t nat -A POSTROUTING -p tcp -s 192.168.1.0/24 -d 151.99.0.100
> --dport 53 -j SNAT --to-source 81.77.88.99

Have you tried to use DNAT from iptables? DNAT is in PREROUTING, and if you
have a DNS service you need to make the outside service connection connect
to your DNS server!

> Looking inside the cache I find only the route to reach the DNS server,
> but not the one that the DNS needs to reach my server:
> 151.99.0.100 from 192.168.1.2 via 81.77.88.100 dev eth2 src 192.168.1.249
>     cache mtu 1500 advmss 1460 metric10 64 iif eth0
>
> I experienced in the past that re-entering the iptables nat command
> worked, but it seems a random effect and does not always work.
>
> Thanks in advance,
> Luca Maragnani

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
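Added example, not part of the original mail and not a confirmed fix for Luca's setup: one way to lay out a multi-homed gateway so that each uplink has its own routing table, a source-address rule selects that table, and the SNAT for traffic leaving on an uplink uses that uplink's address, followed by a flush of the routing cache so entries created before the rules and NAT existed are not reused. 151.99.0.100, 192.168.1.0/24, 192.168.1.1 and 81.77.88.99 come from the thread; the interface names eth1/eth2/eth3, the other two ISP addresses and gateways, and the table numbers 101/102/103 are assumptions. Because DNS is carried over UDP as well as TCP, both are SNATed. The DRY_RUN switch prints the generated commands instead of running them, so the configuration can be reviewed without root.

```shell
#!/bin/sh
# Added example (not from the original mail). Multi-homed Linux gateway with
# one policy-routing table per uplink and SNAT that matches the chosen uplink.
# Interface names, the ISP B/C addresses and the table numbers are assumptions.
#
# DMZ:   192.168.1.0/24 on eth0, gateway address 192.168.1.1
# ISP A: eth1, 81.77.88.99,   gateway 81.77.88.1,   table 101
# ISP B: eth2, 203.0.113.10,  gateway 203.0.113.1,  table 102
# ISP C: eth3, 198.51.100.10, gateway 198.51.100.1, table 103

set -eu

DMZ_NET=192.168.1.0/24
DMZ_GW=192.168.1.1

# interface:local address:gateway:table number (constructed sample data)
UPLINKS="eth1:81.77.88.99:81.77.88.1:101
eth2:203.0.113.10:203.0.113.1:102
eth3:198.51.100.10:198.51.100.1:103"

# Print every command instead of executing it when DRY_RUN=1, so the
# generated configuration can be reviewed (or tested) without root.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# One table per uplink: the DMZ is reachable through all of them, the default
# route points at that uplink's gateway, and a source-address rule selects the
# table, so packets SNATed to an uplink address leave through that uplink.
setup_uplink() {
    ifc=$1; addr=$2; gw=$3; tbl=$4
    run ip route replace "$DMZ_NET" dev eth0 src "$DMZ_GW" table "$tbl"
    run ip route replace default via "$gw" dev "$ifc" table "$tbl"
    run ip rule add from "$addr" table "$tbl" priority "$tbl"
    # DNS uses UDP as well as TCP; SNAT both for traffic leaving on this uplink.
    for proto in udp tcp; do
        run iptables -t nat -A POSTROUTING -o "$ifc" -p "$proto" \
            -s "$DMZ_NET" --dport 53 -j SNAT --to-source "$addr"
    done
}

apply_all() {
    echo "$UPLINKS" | while IFS=: read -r ifc addr gw tbl; do
        setup_uplink "$ifc" "$addr" "$gw" "$tbl"
    done
    # Routes cached before the rules and NAT existed stay in use until they
    # expire; flush the cache so new lookups see the new configuration.
    run ip route flush cache
}

# "ip route get" forces a lookup the way a forwarded packet would, which is
# the quickest way to see which table and uplink a DMZ host's DNS query hits.
show_dns_route() {
    run ip route get 151.99.0.100 from 192.168.1.2 iif eth0
}

if [ "${1:-}" = apply ]; then
    apply_all
    show_dns_route
fi
```

Run `DRY_RUN=1 sh gateway.sh apply` to print the commands and `sh gateway.sh apply` as root to execute them. The cache flush matters on the 2.6 kernels of the time because the routing cache was a separate structure from the tables (it was removed in Linux 3.6); on those kernels an entry cached before an ip rule or NAT rule was added keeps being used until it ages out, which is one reason a change can appear to take effect only some of the time.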