* [LARTC] SNAT or DNAT or what?
From: Torsten Puls @ 2003-04-15 14:43 UTC (permalink / raw)
  To: lartc

Hello,

I have a Debian-Woody-3.0 router with 3 NICs.
Kernel version 2.4.18


	+------------+                    +-------------+
	|            |                    |             |
	|192.168.1.1 |                    | 192.168.2.1 |
	| DSL-Router |                    | ISDN-Router |
	+------------+                    +-------------+
            |                                  |
            |                                  |
            +---------+             +----------+
                      |             |
                      |             |
            +----------------------------------+
            |       eth0          eth2         |
            |          Debian-Woody            |
            |             eth1                 |
            +----------------------------------+
                            |
                            |
                   +----------------+
                   | 192.168.3.0/24 |
                   |    localnet    |
                   +----------------+



Mail-Traffic over ISDN-Router
 WWW-Traffic over  DSL-Router

But why?

### Here are my interfaces:

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
        address 192.168.1.10
        netmask 255.255.255.0
        network 192.168.1.0
        broadcast 192.168.1.255
        gateway 192.168.1.1

auto eth1
iface eth1 inet static
        address 192.168.2.20
        netmask 255.255.255.0
        network 192.168.2.0
        broadcast 192.168.2.255
#       gateway 192.168.2.1

auto eth2
iface eth2 inet static
        address 192.168.3.30
        netmask 255.255.255.0
        network 192.168.3.0
        broadcast 192.168.3.255
#       gateway 192.168.3.1

Is this correct?

### my route:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.3.0     0.0.0.0         255.255.255.0   U     0      0        0 eth2
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0

and now my firewall-script:

#!/bin/bash
# firewall-script

echo 1 > /proc/sys/net/ipv4/ip_forward

?????????????????????????????????????????
iptables -t nat -A POSTROUTING -j SNAT --to 192.168.1.10
This way I can surf and get mail, but over eth0

Does anyone have an idea?

Kernel modules are loaded.

Greetz Torsten



_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/


* Re: [LARTC] SNAT or DNAT or what?
From: Martin A. Brown @ 2003-04-15 15:05 UTC (permalink / raw)
  To: lartc


Torsten,

This is not really a LARTC question (unless you fetch mail from an
arbitrary number of servers, in which case you'll need the
link-load-sharing multiple routing tables solution).

I'm guessing your solution is quite easy... see below.

 : I have a Debian-Woody-3.0 Router with 3 NIC's. Kernelversion 2.4.18

[ nice netmap snipped ]

 : Mail-Traffic over ISDN-Router
 :  WWW-Traffic over  DSL-Router
 : But why?

[ interface definitions snipped ]

 : Is this correct?

Well, yes.  But not complete.

 : ### my route:
 : Kernel IP routing table
 : Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
 : 192.168.3.0     0.0.0.0         255.255.255.0   U     0      0        0 eth2
 : 192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
 : 192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
 : 0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
 : and now my firewall-script:

Are you fetching mail from a particular mailserver?  If so:

# mailserver=213.165.64.20
# route add -host $mailserver gw 192.168.2.1

Or

# mailserver=213.165.64.20
# ip route add $mailserver via 192.168.2.1

-Martin

-- 
Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com


* Re: [LARTC] SNAT or DNAT or what?
From: N N Ashok @ 2003-04-15 17:48 UTC (permalink / raw)
  To: lartc

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tuesday 15 April 2003 11:05, Martin A. Brown scrawled:
> Torsten,
>
> This is not really a LARTC question (unless you fetch mail from an
> arbitrary number of servers, in which case you'll need the
> link-load-sharing multiple routing tables solution).
>
> I'm guessing you solution is quite easy....see below.
>
>  : I have a Debian-Woody-3.0 Router with 3 NIC's. Kernelversion 2.4.18
>
> [ nice netmap snipped ]
>
>  : Mail-Traffic over ISDN-Router
>  :  WWW-Traffic over  DSL-Router
>  : But why?
>
> [ interface definitions snipped ]
>
>  : Is this correct?
>
> Well, yes.  But not complete.
>
>  : ### my route:
>  : Kernel IP routing table
>  : Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
>  : 192.168.3.0     0.0.0.0         255.255.255.0   U     0      0        0 eth2
>  : 192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
>  : 192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
>  : 0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
>  : and now my firewall-script:
>
> Are you fetching mail from a particular mailserver?  If so:
>
> # mailserver=213.165.64.20
> # route add -host $mailserver gw 192.168.2.1
>
> Or
>
> # mailserver=213.165.64.20
> # ip route add $mailserver via 192.168.2.1
>
> -Martin

Wouldn't setting up ip rules to forward the appropriate traffic through the
proper gateway be better?

Ashok

- -- 
- -----------------------------------------------------------------------------
My public key:
   gpg --recv-keys --keyserver blackhole.pca.dfn.de DCB44F2E
   
http://pgp.mit.edu:11371/pks/lookup?search=N+N+Ashok+%28CSE+MSU%29+%3Cnnashok%40yahoo.com%3E&op=index
[Fingerprint: 4D6D B9F3 D2B6 A22A F4E5  5763 4615 E956 DCB4 4F2E ]
- -----------------------------------------------------------------------------
"...there is nothing so unnatural as the commonplace."
Sir Arthur Conan Doyle in "Adventures of Sherlock Holmes: A Case of Identity"
- -----------------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE+nEX9RhXpVty0Ty4RAufDAJsE4zY/mnP0RLRdJsVEpNmlv8JWRACgiK/a
k6zwQXUERfKE0EFYO/e2LG0=YIXJ
-----END PGP SIGNATURE-----


* Re: [LARTC] SNAT or DNAT or what?
From: Martin A. Brown @ 2003-04-15 18:10 UTC (permalink / raw)
  To: lartc

Hi Ashok,

 : > Are you fetching mail from a particular mailserver?  If so:
 : > # mailserver=213.165.64.20
 : > # route add -host $mailserver gw 192.168.2.1
 : > # mailserver=213.165.64.20
 : > # ip route add $mailserver via 192.168.2.1
 : > -Martin
 :
 : Wouldnt setting up ip rules to forward the appropriate traffic through the
 : proper gateway be better?

Why use the RPDB if you don't need to?  I subscribe to the KISS notion
(keep it simple, stupid!).

If all of his mail connections are to a single "smarthost", or a small set
of IP addresses, there's no reason for him to use "ip rule", since he can
make a specific route in the main routing table to the destination.

If he is using multiple mailservers in "unknown" networks, then he'll need
to look at the link load sharing solutions, such as multipath routes, or
multiple outbound links with RPDB/fwmark'ing solutions.

-Martin

-- 
Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com
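
The two cases discussed in this thread, written out as an added example that is not part of any poster's message: a host route for a single smarthost, and fwmark-based policy routing when the mail servers are not known in advance, each with SNAT bound to the outgoing interface. Interface roles follow the original poster's interfaces file; the table id, mark value, mail ports and the 192.0.2.25 address are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Dry run by default: commands are printed,
# and executed only when APPLY=1 (needs root).
# Interface roles follow the poster's interfaces file (assumption; the diagram differs):
#   eth0 192.168.1.10 -> DSL router 192.168.1.1, eth1 192.168.2.20 -> ISDN router
#   192.168.2.1, eth2 192.168.3.30 -> LAN 192.168.3.0/24
LAN_IF=eth2; LAN_NET=192.168.3.0/24
DSL_IF=eth0; DSL_SRC=192.168.1.10
ISDN_IF=eth1; ISDN_SRC=192.168.2.20; ISDN_GW=192.168.2.1
MAIL_TABLE=200; MAIL_MARK=2      # arbitrary table id and mark value (assumed)
MAIL_PORTS="25 110"              # SMTP and POP3 (assumed mail protocols)

run() {  # print the command; execute it only when APPLY=1
    printf '%s\n' "$*"
    if [ "${APPLY:-0}" = 1 ]; then "$@"; fi
}

# NAT each LAN flow to the address of the interface it actually leaves on.
# The rule in the thread had no -s/-o match, so every packet became 192.168.1.10.
snat_rules() {
    run iptables -t nat -A POSTROUTING -s "$LAN_NET" -o "$DSL_IF" -j SNAT --to-source "$DSL_SRC"
    run iptables -t nat -A POSTROUTING -s "$LAN_NET" -o "$ISDN_IF" -j SNAT --to-source "$ISDN_SRC"
}

# Case 1: a single known smarthost. A host route in the main table is enough.
smarthost_route() {
    run ip route add "$1" via "$ISDN_GW" dev "$ISDN_IF"
}

# Case 2: mail servers not known in advance. Mark LAN traffic by destination
# port and send marked packets through a separate table (RPDB + fwmark).
mail_policy_routing() {
    run ip route add default via "$ISDN_GW" dev "$ISDN_IF" table "$MAIL_TABLE"
    run ip rule add fwmark "$MAIL_MARK" table "$MAIL_TABLE"
    for port in $MAIL_PORTS; do
        run iptables -t mangle -A PREROUTING -i "$LAN_IF" -p tcp --dport "$port" \
            -j MARK --set-mark "$MAIL_MARK"
    done
}

# 192.0.2.25 is a documentation address standing in for the real mail server.
run sysctl -w net.ipv4.ip_forward=1
snat_rules
smarthost_route 192.0.2.25
mail_policy_routing
```

If reverse-path filtering is strict (rp_filter=1) on eth1, replies from hosts reached only through table 200 fail the check, because the main table points back out eth0; the host-route case does not have this problem.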

