[LARTC] help on iproute2

[LARTC] help on iproute2

[Bambang Yulianto]

hi guys .. I'm linux newbie
I have LAN that connected to internet.
here is the pic :

[internet]----------[Linux]----------[LAN]
    |                  |               |
202.149.83.192-207  202.149.83.194   192.168.0.1-35

with RedHat Linux 2.4.18, how can I make every 4 ip on
LAN will be 1 ip on the internet ? (sorry abt my
english )
example: 

192.168.0.1-4 ---> 202.149.83.195
192.168.0.4/30 --> 202.149.83.196
192.168.0.8/30 --> 202.149.83.197
.
.
.

with my old linux (2.2.16) ..
I use :
modprobe dummy
ifconfig dummy0 202.149.83.195 netmask 255.255.255.240
ifconfig dummy0:1 202.149.83.196 netmask
255.255.255.240
ifconfig dummy0:2 202.149.83.197 netmask
225.255.255.240
.
.
.
ip rule add from 192.168.0.0/30 nat 202.149.83.195
ip rule add from 192.168.0.4/30 nat 202.149.83.196
ip rule add from 192.168.0.8/30 nat 202.149.83.197
.
.
.

but It's NOT WORKING on my new 2.4.18 Linux.
what should I do ?
Thanks before
Yours

__________________________________________________
Do You Yahoo!?
Yahoo! Sports - sign up for Fantasy Baseball
http://sports.yahoo.com
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] help on iproute2

[bert hubert]

On Sat, Mar 02, 2002 at 01:48:43AM -0800, Bambang Yulianto wrote:
> here is the pic :
> 
> [internet]----------[Linux]----------[LAN]
>     |                  |               |
> 202.149.83.192-207  202.149.83.194   192.168.0.1-35

Very good!

> ip rule add from 192.168.0.0/30 nat 202.149.83.195
> ip rule add from 192.168.0.4/30 nat 202.149.83.196
> ip rule add from 192.168.0.8/30 nat 202.149.83.197

I don't think this syntax works anymore. I would do this with iptables,
http://www.iptables.org - that syntax is far more widely used. I'm not even
sure if it ever worked! Every packet coming from 192.168.0.1 or 0.2 or 0.3
will get assigned 202.149.83.195 - this is information loss, there is no way
to map back.

Otherwise, read the iproute documentation, it's called ip-cref.tex I think.

But I think you should use iptables and SNAT - you need a way to map packets
back using a table.

Regards,

bert

-- 
http://www.PowerDNS.com          Versatile DNS Software & Services
http://www.tk                              the dot in .tk
http://lartc.org           Linux Advanced Routing & Traffic Control HOWTO
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] help on iproute2

[Julian Anastasov]

	Hello,

On Sat, 2 Mar 2002, bert hubert wrote:

> > ip rule add from 192.168.0.0/30 nat 202.149.83.195
> > ip rule add from 192.168.0.4/30 nat 202.149.83.196
> > ip rule add from 192.168.0.8/30 nat 202.149.83.197
>
> I don't think this syntax works anymore. I would do this with iptables,

	There is a small patch that fixes this for Netfilter but don't
expect it in the mainstream kernels. The current status is
0 votes for it and it can be replaced with iptables rules, of
course, it is useful for complex setups. Here it is:

http://www.linuxvirtualserver.org/~julian/#rtmasq

	It also fixes bugs that nobody wants to fix already for
months.

> Regards,
>
> bert

Regards

--
Julian Anastasov <ja@ssi.bg>

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] help on iproute2

[Ard van Breemen]

On Sat, Mar 02, 2002 at 01:48:43AM -0800, Bambang Yulianto wrote:
> hi guys .. I'm linux newbie
> I have LAN that connected to internet.
> here is the pic :
> 
> [internet]----------[Linux]----------[LAN]
>     |                  |               |
> 202.149.83.192-207  202.149.83.194   192.168.0.1-35
> 
> with RedHat Linux 2.4.18, how can I make every 4 ip on
> LAN will be 1 ip on the internet ? (sorry abt my
> english )
> example: 
> 
> 192.168.0.1-4 ---> 202.149.83.195
> 192.168.0.4/30 --> 202.149.83.196
> 192.168.0.8/30 --> 202.149.83.197
You are actually saying that your system was masquerading.

> with my old linux (2.2.16) ..
> I use :
> modprobe dummy
> ifconfig dummy0 202.149.83.195 netmask 255.255.255.240
> ifconfig dummy0:1 202.149.83.196 netmask
> 255.255.255.240
> ifconfig dummy0:2 202.149.83.197 netmask
> 225.255.255.240
> .
> .
> .
> ip rule add from 192.168.0.0/30 nat 202.149.83.195
> ip rule add from 192.168.0.4/30 nat 202.149.83.196
> ip rule add from 192.168.0.8/30 nat 202.149.83.197
> .
> .
> .
> 
> but It's NOT WORKING on my new 2.4.18 Linux.
This is on 2.2 a way to masquerade from specific ip adresses.
As you can read in the ip manual, it really uses the ipchains masquarading
stuff.
As it also says in the manual that this has completely been removed
(except for fastnat) from that layer, since netfilter does it good.
> what should I do ?
Use netfilter/iptables.
iptables -t nat --append POSTROUTING --source 192.168.0.0/30 --jump SNAT --to-source 202.149.83.195
Or something like that.
-- 
<ard@telegraafnet.nl> Telegraaf Elektronische Media  http://wwwijzer.nl
http://leerquoten.monster.org/ http://www.faqs.org/rfcs/rfc1855.html 
Let your government know you value your freedom. Sign the petition:
http://petition.eurolinux.org/
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/