From: xchris <lyra@fastwebnet.it>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] Default route - Please Help
Date: Fri, 02 May 2003 14:16:24 +0000
Message-ID: <marc-lartc-105188525330174@msgid-missing>
In-Reply-To: <marc-lartc-105180332019719@msgid-missing>
On Friday 02 May 2003 11:36, Matthieu Turpault wrote:
> Hi list,
>
> I have exactly the same problem and I can't manage with doing my network
> work.
>
> In fact, the NAT postrouting is done *after* the routing.
> Consequently, tables fastweb and telecom are never looked.
>
> I am very interested in a solution.
>
> My problem is described at this URL (still no answer):
> http://marc.theaimsgroup.com/?l=lartc&m=105049828901812&w=2
>
Here is my working solution (sorry for the Italian..)
I separated the routing and nat files.
In a few words you have to
1) ip rule with fwmark!!
2) mark packets with iptables -t mangle
3) SNAT
Hope this helps.
routing:
#!/bin/sh
# Interfaces
TELECOM_IF=eth0
FASTWEB_IF=eth1
DMZ_IF=eth2
LAN_IF=eth3
# Our own address on each interface
TELECOM_IP=192.168.1.237
FASTWEB_IP=192.168.3.1
DMZ_IP=192.168.2.1
LAN_IP=192.168.0.238
# The directly connected networks
TELECOM_NET=192.168.1.0/24
FASTWEB_NET=192.168.3.0/24
DMZ_NET=192.168.2.0/24
LAN_NET=192.168.0.0/24
# Next hop on each uplink
GW_TELECOM=192.168.1.238
GW_FASTWEB=192.168.3.254
# Packet marks set by the nat file; the tables "telecom" and "fastweb" must be
# defined in /etc/iproute2/rt_tables (numbered 1 and 2 here, matching the marks)
TELECOM_MARK=1
FASTWEB_MARK=2
echo "1 - Creating two additional routing tables"
echo
# "del" before "add" so the script can be re-run without stacking duplicates
ip route del $TELECOM_NET dev $TELECOM_IF src $TELECOM_IP table telecom
ip route add $TELECOM_NET dev $TELECOM_IF src $TELECOM_IP table telecom
ip route del default via $GW_TELECOM table telecom
ip route add default via $GW_TELECOM table telecom
ip route del $FASTWEB_NET dev $FASTWEB_IF src $FASTWEB_IP table fastweb
ip route add $FASTWEB_NET dev $FASTWEB_IF src $FASTWEB_IP table fastweb
ip route del default via $GW_FASTWEB table fastweb
ip route add default via $GW_FASTWEB table fastweb
echo "2 - Setting Main routing tables"
echo
# Locally generated traffic with no mark still leaves via Telecom
ip route del $TELECOM_NET dev $TELECOM_IF src $TELECOM_IP
ip route del $FASTWEB_NET dev $FASTWEB_IF src $FASTWEB_IP
ip route add $TELECOM_NET dev $TELECOM_IF src $TELECOM_IP
ip route add $FASTWEB_NET dev $FASTWEB_IF src $FASTWEB_IP
ip route add default via $GW_TELECOM
echo "3 - Setting answers from corresponding IPs"
echo
# Replies sourced from one of our uplink addresses leave through that uplink
ip rule del from $TELECOM_IP table telecom
ip rule del from $FASTWEB_IP table fastweb
ip rule add from $TELECOM_IP table telecom
ip rule add from $FASTWEB_IP table fastweb
# Each uplink table also needs the other local networks and loopback,
# otherwise marked traffic to them would follow the table's default route
ip route add $LAN_NET dev $LAN_IF table telecom
ip route add $FASTWEB_NET dev $FASTWEB_IF table telecom
ip route add 127.0.0.0/8 dev lo table telecom
ip route add $LAN_NET dev $LAN_IF table fastweb
ip route add $TELECOM_NET dev $TELECOM_IF table fastweb
ip route add 127.0.0.0/8 dev lo table fastweb
# Packets marked in mangle PREROUTING by the nat file are routed by the
# matching uplink table; the mark is present at routing time, unlike the
# SNATed source address, which only changes in POSTROUTING afterwards
ip rule del fwmark $FASTWEB_MARK table fastweb
ip rule del fwmark $TELECOM_MARK table telecom
ip rule add fwmark $FASTWEB_MARK table fastweb
ip rule add fwmark $TELECOM_MARK table telecom
ip route flush cache
Here is the nat file:
#!/bin/sh
TELECOM_IF=eth0
FASTWEB_IF=eth1
DMZ_IF=eth2
LAN_IF=eth3
TELECOM_IP=192.168.1.237
FASTWEB_IP=192.168.3.1
DMZ_IP=192.168.2.1
LAN_IP=192.168.0.238
TELECOM_NET=192.168.1.0/24
FASTWEB_NET=192.168.3.0/24
DMZ_NET=192.168.2.0/24
LAN_NET=192.168.0.0/24
GW_TELECOM=192.168.1.238
GW_FASTWEB=192.168.3.254
TELECOM_MARK=1
FASTWEB_MARK=2
###############################################################################
## Helper function that marks packets and sets up NAT
## $1 = source network, $2 = uplink address to SNAT to
imposta_nat()
{
    if test $2 = $TELECOM_IP
    then
        local MARK=$TELECOM_MARK
    else
        local MARK=$FASTWEB_MARK
    fi
    # Mark in PREROUTING, i.e. before the routing decision, so the fwmark
    # rule in the routing file selects the uplink table
    iptables -t mangle -A PREROUTING -s $1 -j MARK --set-mark $MARK
    # SNAT runs after routing; without "-o" this matches every outgoing
    # interface, not only the uplink
    iptables -t nat -A POSTROUTING -s $1 -j SNAT --to-source $2
}
################################################################################
################### Clean up ###################################################
### Leave Shorewall's DNAT alone
#############################################################################
iptables -t nat -F POSTROUTING
iptables -t mangle -F
##############################################################################
### Masquerade the DMZ via Fastweb, otherwise it won't spit the packets back out
### It might spit them out towards Telecom
imposta_nat $DMZ_NET $FASTWEB_IP
###############################################################################
### Masquerade the LAN via Telecom
imposta_nat $LAN_NET $TELECOM_IP
###############################################################################
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
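The three steps of the posted solution (mark in mangle PREROUTING, ip rule on the fwmark, SNAT on the way out) folded into one idempotent per-uplink function, as an added example that is not part of xchris's scripts. It assumes the table name already exists in /etc/iproute2/rt_tables, restricts the SNAT to the uplink interface with -o (the posted nat file does not), and the interface and address values in the usage comment are illustrative; set DRY_RUN=1 to print the commands instead of running them.

```shell
#!/bin/sh
# Added example, not from the original mail. One function per uplink:
#   1) mark packets from a source net in mangle PREROUTING (before routing),
#   2) send packets carrying that mark to the uplink's table via ip rule,
#   3) SNAT them to the uplink address, only when leaving on the uplink.
# The mark is visible at routing time; the SNATed source address is not,
# because POSTROUTING runs after the routing decision.
# Usage (needs root unless DRY_RUN=1), values are illustrative:
#   uplink telecom 1 eth0 192.168.1.237 192.168.1.238 192.168.0.0/24

run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# uplink NAME MARK IFACE ADDR GATEWAY SRCNET
uplink() {
    name=$1 mark=$2 iface=$3 addr=$4 gw=$5 srcnet=$6
    # Table NAME must be listed in /etc/iproute2/rt_tables; "replace" is
    # idempotent. The table also needs routes for the other local networks
    # (as the posted routing file adds), or marked traffic to them would
    # follow this default route.
    run ip route replace default via "$gw" dev "$iface" table "$name"
    # Drop a stale rule first so repeated runs do not stack duplicates
    run ip rule del fwmark "$mark" table "$name" 2>/dev/null
    run ip rule add fwmark "$mark" table "$name"
    # 1) mark before routing
    run iptables -t mangle -A PREROUTING -s "$srcnet" -j MARK --set-mark "$mark"
    # 3) rewrite the source only on the uplink, not towards LAN or DMZ
    run iptables -t nat -A POSTROUTING -s "$srcnet" -o "$iface" -j SNAT --to-source "$addr"
}
```

Run it once per uplink after flushing the mangle and nat POSTROUTING chains, then check the result with `ip rule show` and `ip route show table NAME`.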
Thread overview:
2003-05-01 15:33 [LARTC] Default route - Please Help xchris
2003-05-02 9:36 Matthieu Turpault
2003-05-02 14:16 xchris (this message)