From: Thomas Themel
Date: Tue, 04 Nov 2003 10:26:24 +0000
Subject: Re: [LARTC] fwmark routing of locally generated packets
To: lartc@vger.kernel.org

Hi,

Thomas Themel (themel@iwoars.net) wrote on 2003-11-01:
> # SNAT for outgoing packets
> iptables -A POSTROUTING -t nat -o $PPP_IFACE --match mark --mark 0x03 -j SNAT --to-source $PPP_LOCAL

I've been able to do away with the DNAT rule now.

> # DNAT for incoming packets
> iptables -t nat -A PREROUTING -i $PPP_IFACE -d $PPP_LOCAL -j DNAT --to-destination 192.168.1.1

I couldn't get it to work with just the SNAT rule originally (see
original post, the SACKs would be ignored), but I've finally figured out
why: I had enabled rp_filter on that machine.

Quite obviously, enabling rp_filter in combination with policy routing
is a bad idea.

    echo 0 > /proc/sys/net/ipv4/conf/$PPP_IFACE/rp_filter

fixed it for me.

I still think I shouldn't need the netfilter SNAT rule, but even
enabling NAT with the routing rule (ip rule add fwmark 3 table aonc nat
$PPP_REMOTE) doesn't seem to set the source address of the outgoing
packets correctly.

ciao,
-- 
[*Thomas Themel*]   "If we're not supposed to eat animals, how come
[extended contact]   they're made of meat?"
[info provided in]   - Treat Carnivores Ethically,
[*message header*]     in the fuckedcompany.com forums

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/
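
Added example, not part of the original message: a shell check for the failure described above, strict rp_filter on a host that routes by fwmark. It assumes the current-kernel rule that the effective value is the larger of conf/all and conf/<iface> and that 2 means loose mode; the ppp0/eth0 names and sample values are constructed, while table aonc and mark 3 come from the message.

```shell
#!/bin/sh
# Added example: list interfaces where strict reverse-path filtering (1)
# is in effect while fwmark policy-routing rules exist.

# Assumption (current kernels): effective value = max(conf/all, conf/<iface>).
# 0 = off, 1 = strict, 2 = loose.
effective_rp_filter() {
    if [ "$1" -gt "$2" ]; then echo "$1"; else echo "$2"; fi
}

# check_rp_filter RULES SETTINGS
#   RULES:    text in the format of `ip rule show`
#   SETTINGS: lines of "iface value", including an "all" line
check_rp_filter() {
    rules=$1
    settings=$2
    # Without fwmark rules there is nothing to report.
    printf '%s\n' "$rules" | grep -q 'fwmark' || return 0
    all=$(printf '%s\n' "$settings" | awk '$1 == "all" { print $2 }')
    printf '%s\n' "$settings" | while read -r iface val; do
        case $iface in ''|all|default) continue ;; esac
        eff=$(effective_rp_filter "${all:-0}" "$val")
        if [ "$eff" -eq 1 ]; then echo "$iface"; fi
    done
}

# Collect live values in the same "iface value" form (Linux only).
live_settings() {
    for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
        [ -r "$f" ] || continue
        iface=${f%/rp_filter}
        echo "${iface##*/} $(cat "$f")"
    done
}

# Constructed sample input (interface names and values are made up).
SAMPLE_RULES='0: from all lookup local
32765: from all fwmark 0x3 lookup aonc
32766: from all lookup main
32767: from all lookup default'
SAMPLE_SETTINGS='all 0
eth0 0
ppp0 1'

# On a real host: check_rp_filter "$(ip rule show)" "$(live_settings)"
```

With the constructed sample, check_rp_filter "$SAMPLE_RULES" "$SAMPLE_SETTINGS" reports ppp0, the interface whose strict setting would drop the replies.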