From: Lukas Kolbe <lucky@knup.de>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] Routing private and non-private ips
Date: Fri, 19 Jul 2002 18:29:17 +0000
Message-ID: <marc-lartc-102710345126562@msgid-missing>
In-Reply-To: <marc-lartc-102676164426604@msgid-missing>
On Wed, 2002-07-17 at 19:18, Martin A. Brown wrote:
> Lucky,
> So, you have something in your chains rules that looks like this:
> ipchains -A forward -s 192.168.2.0/24 -d 0/0 -j MASQ
> Simply insert a special case:
> ipchains -I forward 1 -s 192.168.2.206 -d 0/0 -j ACCEPT
OK, now I have in the firewall:
Chain input (policy DENY):
target prot opt source destination ports
[ipac and lo rules]
ACCEPT all ------ 0.0.0.0/0 pu.bl.ic.ip n/a
[rest]
Chain forward (policy DENY):
target prot opt source destination ports
ACCEPT all ------ 0.0.0.0/0 192.168.2.206 n/a
ACCEPT all ------ 192.168.2.206 0.0.0.0/0 n/a
[masq`ing stuff]
Chain output (policy DENY):
target prot opt source destination ports
[ipac]
ACCEPT all ------ 0.0.0.0/0 0.0.0.0/0 n/a
ACCEPT all ------ 192.168.2.206 0.0.0.0/0 n/a
[rest]
and the routing is as follows:
moria2:/etc/ipmasq/rules# ip rule ls
0: from all lookup local
320: from 192.168.2.206 lookup public.ip
32763: from is.dn.if.ip lookup isdn
32766: from all lookup main
32767: from all lookup default
moria2:/etc/ipmasq/rules# ip route show table public.ip
nat pu.bl.ic.ip via 192.168.2.206 scope host
default dev ippp3 scope link
moria2:/etc/ipmasq/rules# ip route show table isdn
default via is.dn.peer.ip dev ippp3
I have a problem with the public.ip-table:
normally, like in the lartc-howto, one does
ip route add default via is.dn.peer.ip dev ippp3 table public.ip
this actually works for table isdn (right after dial-up), but when I do
this for table public.ip I get:
RTNETLINK answers: Network is unreachable
The ISDN-Peer is in another subnet (x.x.32.121) than our address-space
(x.x.35.40/29), maybe that does matter.
I hope somebody can help me there. If not, I'm just going on and try
things out :)
Maybe it is a Kernel-Problem, or such. I'm using 2.2.20, perhaps I have
to use the latest 2.4?
--
Lucky