* [LARTC] Problems with route by fwmark
@ 2003-03-15 12:38 Sebastian Schneider
0 siblings, 0 replies; only message in thread
From: Sebastian Schneider @ 2003-03-15 12:38 UTC (permalink / raw)
To: lartc
Hi,
I have some problems with Advanced Routing by FWMARK. Here is my configuration:
static routes (route -n):
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
...
192.168.1.0     10.111.111.1    255.255.255.0   UG    0      0        0 eth0
...
192.168.7.0     10.111.111.6    255.255.255.0   UG    0      0        0 eth2
192.168.6.0     10.111.111.6    255.255.255.0   UG    0      0        0 eth2
192.168.5.0     10.111.111.6    255.255.255.0   UG    0      0        0 eth2
192.168.4.0     10.111.111.6    255.255.255.0   UG    0      0        0 eth2
192.168.3.0     10.111.111.6    255.255.255.0   UG    0      0        0 eth2
192.168.2.0     10.111.111.6    255.255.255.0   UG    0      0        0 eth2
192.168.12.0    10.111.111.6    255.255.255.0   UG    0      0        0 eth2
192.168.11.0    10.111.111.6    255.255.255.0   UG    0      0        0 eth2
192.168.9.0     10.111.111.6    255.255.255.0   UG    0      0        0 eth2
192.168.8.0     10.111.111.6    255.255.255.0   UG    0      0        0 eth2
...
Our network 192.168.1.0/24 (reachable by eth0) is addressed with 192.168.10.0/24 for all other
networks, which are reachable by eth2. It works fine with some SNAT-rules and DNAT-rules. The
big problem is a second 192.168.1.0-network, which is reachable by eth2. Our network wants to
address this network with 192.168.20.0/24.
netfilterscript:
...
# workaround (http://lists.netfilter.org/pipermail/netfilter/2000-November/006089.html)
echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter
echo 1 > /proc/sys/net/ipv4/route/flush
...
# rules to route packets from 192.168.1.0 to virtual 192.168.20.0 => to second 192.168.1.0
/usr/sbin/iptables -t mangle -A PREROUTING -i eth0 -j MARK --set-mark 17
for ((i=3; i<255; i++)); do
    /usr/sbin/iptables -t nat -A PREROUTING -i eth0 -s 192.168.1.0/24 -d 192.168.20.${i} -j DNAT --to-destination 192.168.1.${i}
    /usr/sbin/iptables -t nat -A POSTROUTING -s 192.168.1.${i} -o eth2 -j SNAT --to-source 192.168.10.${i}
    ...
done
...
# in /etc/iproute2/rt_tables: ... 201 m.table ...
ip rule add fwmark 17 table m.table
/sbin/ip route add 192.168.1.0/24 via 10.111.111.6 dev eth2 table m.table
...
EOnetfilterscript
> ip rule ls
0: from all lookup local
32765: from all fwmark 17 lookup m.table
32766: from all lookup main
32767: from all lookup default
> ip route list table m.table
192.168.1.0/24 via 10.111.111.6 dev eth2
But!!!!
Packets from 192.168.1.0/24 to 192.168.20.0/24 leave the router by eth0 (with IP header:
From 192.168.1.0/24 To 192.168.1.0/24) => DNAT works. The mangle rule works too, because
I log all packets marked with 17.
System:
SuSE Linux 8.0 with Kernel SuSE-2.4.18-4GB
Advanced Routing and RouteByFWMARK are configured:
> cd /usr/src/linux
> make cloneconfig
> cat ./.config | grep IP | grep ROUTE
CONFIG_IP_ADVANCED_ROUTER=y
CONFIG_IP_ROUTE_FWMARK=y
CONFIG_IP_ROUTE_NAT=y
CONFIG_IP_ROUTE_MULTIPATH=y
CONFIG_IP_ROUTE_TOS=y
CONFIG_IP_ROUTE_VERBOSE=y
CONFIG_IP_ROUTE_LARGE_TABLES=y
CONFIG_IP_MROUTE=y
What's the problem???
Thanks,
Basti
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
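An added example, not code from the post or from the LARTC project: a small simulator of the policy-routing lookup that the `ip rule` / `ip route ... table` configuration above relies on. It takes the rules and the two tables quoted in the post as constructed input and walks the lookup the way rule and table selection works on Linux: rules in priority order, a longest-prefix match inside the selected table, and a fall-through to the next rule when that table has no route for the destination. Because nat PREROUTING runs before the routing decision, the destination fed in must be the post-DNAT address (192.168.1.x, not 192.168.20.x), and the mark is whatever mangle PREROUTING left on the packet. The route cache and the contents of the `local` table are deliberately left out, so the simulator shows what the configuration intends, not what a particular 2.4 kernel did with it.

```python
# Added example (not the router's or LARTC's own code): simulate the Linux
# policy-routing lookup for the rules and tables quoted in the post.
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Route:
    prefix: str             # destination prefix, e.g. "192.168.1.0/24"
    via: Optional[str]      # next-hop gateway, None when on-link
    dev: str                # outgoing interface


@dataclass(frozen=True)
class Rule:
    priority: int
    table: str
    src: str = "0.0.0.0/0"          # 'from all'
    fwmark: Optional[int] = None    # None: rule has no fwmark selector


def lookup_table(routes, dst):
    """Longest-prefix match inside one table; None when nothing matches."""
    dst_ip = ipaddress.ip_address(dst)
    best, best_len = None, -1
    for route in routes:
        net = ipaddress.ip_network(route.prefix, strict=False)
        if dst_ip in net and net.prefixlen > best_len:
            best, best_len = route, net.prefixlen
    return best


def policy_lookup(rules, tables, src, dst, mark=0):
    """Return (table_name, Route, trace) for a packet leaving PREROUTING.

    `dst` is the post-DNAT destination (nat PREROUTING precedes routing);
    `mark` is the value set in mangle PREROUTING (0 = unmarked).
    A table that holds no route for `dst` falls through to the next rule."""
    src_ip = ipaddress.ip_address(src)
    trace = []
    for rule in sorted(rules, key=lambda r: r.priority):
        if src_ip not in ipaddress.ip_network(rule.src, strict=False):
            trace.append(f"{rule.priority}: src {src} not in from {rule.src}")
            continue
        if rule.fwmark is not None and rule.fwmark != mark:
            trace.append(f"{rule.priority}: fwmark {rule.fwmark} != mark {mark}")
            continue
        hit = lookup_table(tables.get(rule.table, []), dst)
        if hit is None:
            trace.append(f"{rule.priority}: table {rule.table} has no route "
                         f"to {dst}, fall through")
            continue
        trace.append(f"{rule.priority}: table {rule.table} -> {hit.prefix} "
                     f"via {hit.via} dev {hit.dev}")
        return rule.table, hit, trace
    return None, None, trace


# Constructed from the 'ip rule ls' and route tables quoted in the post.
TABLES = {
    "local": [],                       # the host's own addresses; omitted
    "m.table": [Route("192.168.1.0/24", "10.111.111.6", "eth2")],
    "main": [
        Route("192.168.1.0/24", "10.111.111.1", "eth0"),
        Route("192.168.2.0/24", "10.111.111.6", "eth2"),
        Route("192.168.3.0/24", "10.111.111.6", "eth2"),
    ],
    "default": [],
}

RULES = [
    Rule(0, "local"),
    Rule(32765, "m.table", fwmark=17),
    Rule(32766, "main"),
    Rule(32767, "default"),
]


def egress(src, dst, mark=0):
    """Convenience wrapper: (table, outgoing interface) chosen by the lookup."""
    table, route, _ = policy_lookup(RULES, TABLES, src, dst, mark)
    return table, (route.dev if route else None)


if __name__ == "__main__":
    # The same DNATed packet, once carrying mark 17 and once unmarked.
    for mark in (17, 0):
        table, route, trace = policy_lookup(RULES, TABLES,
                                            "192.168.1.10", "192.168.1.5", mark)
        print(f"mark {mark}: table {table}, dev {route.dev if route else None}")
        for step in trace:
            print("   " + step)
```

Run as a script, it prints the rule-by-rule trace for a packet from 192.168.1.10 to the DNATed destination 192.168.1.5: with mark 17 the lookup stops at `m.table` and picks eth2, while an unmarked packet (or one whose mark value does not equal the rule's fwmark) reaches `main` and picks eth0, which is the egress the post reports seeing. The trace is the part worth keeping when debugging a setup like this: it shows for each rule whether it was skipped on the selector or fell through on an empty table.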