[LARTC] Wierd traceroute/routing problem

[LARTC] Wierd traceroute/routing problem

[Tanasescu Mihai]

Hello,

I'm having a very strange problem concerning traceroute and routing
and didn't know if lartc or netfilter would be the correct choice for
asking. (so sorry if my question is misplaced)

I have the following setup:

public ip -- gw1 -- 172.16.0.1 --- 172.16.0.2/and public ip's --- gw2
--- switch --users (public and private ip addresses; ip-user-pub)

from the internet:
Traceroute to a ip-user-pub shows: public ip gw1 --> 172.16.0.2 --> ip-user-pub

I tried using SNAT on gw2 so that instead of 172.16.0.2 I would get
one of the public ip addresses I have on gw2.
It seems that packets with ttl time exceeded in transit get through to
the mangle table in POSTROUTING but no longer reach the nat table in
POSTROUTING (so they no longer get SNATed).
The same thing happens to these kind of icmp packets if I try to SNAT
them on gw1.

Tcpdump just shows me 172.16.0.2 each time, exitting the public
interfaces and the nat rule counter does not increase..

I also tried marking packets in mangle table and then seeing if that
same mark reaches the nat table (both done in POSTROUTING) and saw
that my mark no longer gets to the nat table.

Any ideea what's causing this ?
Or how can I make it so that instead of 172.16.0.2 I would get one of
gw2's public ip's ?
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/