From: Peter Rabbitson <rabbit+list@rabbit.us>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] One machine, two net feeds, outbound route selection
Date: Thu, 25 Oct 2007 21:25:00 +0000 [thread overview]
Message-ID: <472109AC.8040803@rabbit.us> (raw)
In-Reply-To: <59f980d60710241725p5ca9cca2ueb5edc12675f62e3@mail.gmail.com>
Ben Scott wrote:
> On 10/25/07, Peter Rabbitson <rabbit+list@rabbit.us> wrote:
>> Unfortunately not easy without doing local NAT (from the local interface
>> to another local interface).
>
> I thought that might be the case. I even started to write a rule
> about how the NAT might work... but then I ran into brain pain trying
> to figure out how, because I didn't know when the packets get what
> address/interface info assigned to them, and I didn't know how SNAT
> would interact with the routing tables. Normally, I do SNAT in the
> POSTROUTING chain, but by then the routing rules have already run,
> right? So the packet would still be bound for the wrong interface,
> even if the source address is translated. No?
>
I was not thorough enough. The NAT is necessary in order to make the
packet come back through the link/interface you want (because as I noted
previously you do not have control over the choice of a source address).
Once this is out of the way the only problem is how to make an already
routed packet to leave via a different interface. One way to do this is
the ROUTE target:
http://netfilter.org/documentation/HOWTO//netfilter-extensions-HOWTO-4.html#ss4.5
There might also be other ways to do this, but I never investigated, as
this is a mostly theoretical exercise.
Peter
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
prev parent reply other threads:[~2007-10-25 21:25 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-10-25 0:25 [LARTC] One machine, two net feeds, outbound route selection Ben Scott
2007-10-25 9:09 ` Peter Rabbitson
2007-10-25 15:39 ` Ben Scott
2007-10-25 17:03 ` Peter Rabbitson
2007-10-25 18:00 ` Ben Scott
2007-10-25 21:16 ` Alex Samad
2007-10-25 21:25 ` Peter Rabbitson [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=472109AC.8040803@rabbit.us \
--to=rabbit+list@rabbit.us \
--cc=lartc@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.