NAT: ip rule FROM seems ignored

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Florent B <florent@coppint.com>
To: lartc@vger.kernel.org
Subject: NAT: ip rule FROM seems ignored
Date: Fri, 26 Dec 2014 19:03:57 +0000	[thread overview]
Message-ID: <549DB11D.6020605@coppint.com> (raw)

Hi everyone,

I'm not an iproute2 or iptables guru, so please excuse me if I say
something wrong.

I have a server with Debian Squeeze (2.6.32) which needs to act as a
load balancer.

It needs to do NAT with backends servers.

Until there, it is working, I have packet going out my server to the
client IP address.

The problem is that this packet is not sent to the right gateway !

Here is my IP config :

eth0 : 10.111.13.41/16

eth0:vip : 10.111.13.40/16

eth1 : 10.108.13.111/16

eth1:sina1-1 : 10.108.240.164/16

eth1:sina1-2 : 10.108.240.165/16

eth1:sina1-3 : 10.108.240.166/16

eth1:sina1-4 : 10.108.240.167/16

eth1:sina1-5 : 10.108.240.168/16

I have a "global" system gateway at 10.111.0.253.

When my server is interrogated at 10.108.240.164, it needs to send the
reply to 10.108.0.111.

So here is my config :

root@lb04-1:~# ip rule list
0:    from all lookup local
32758:    from 10.108.240.164 lookup table_eth1
32759:    from 10.108.240.167 lookup table_eth1
32760:    from 10.108.240.166 lookup table_eth1
32761:    from 10.108.240.165 lookup table_eth1
32762:    from 10.108.240.168 lookup table_eth1
32763:    from 10.111.13.40 lookup table_eth0
32764:    from 10.108.13.111 lookup table_eth1
32765:    from 10.111.13.41 lookup table_eth0
32766:    from all lookup main
32767:    from all lookup default

root@lb04-1:~# ip route show table table_eth1
10.108.0.0/16 dev eth1  scope link  src 10.108.13.111
default via 10.108.0.111 dev eth1

Is it, or not, the right way to do this ?

My reply packet from 10.108.240.164 is sent to 10.111.0.254... :(

Can someone has an idea of what I'm doing wrong ?

Thank you a lot.

next             reply	other threads:[~2014-12-26 19:03 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-12-26 19:03 Florent B [this message]
2014-12-27  9:46 ` NAT: ip rule FROM seems ignored Florent B

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=549DB11D.6020605@coppint.com \
    --to=florent@coppint.com \
    --cc=lartc@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.