* [LARTC] Masquerading under 2.4
From: Arthur @ 2001-01-11 14:45 UTC
To: lartc
On Thu, 11 Jan 2001, Willis Yonker wrote:
> Hello all,
>
> I just got the 2.4.0 kernel and built in masquerading into the kernel (not
> as a module). When you do that, it takes away the option to act as
> ipchains did in 2.2.
>
> Okay, that's fine with me. I just have no idea how to set up masquerading
> (or for that matter port forwarding either) using the 2.4 way. Can
> someone point me to some documentation I can use to accomplish this?

Check out Rusty Russell's Linux 2.4 NAT HOWTO on
http://netfilter.kernelnotes.org/unreliable-guides/NAT-HOWTO.html

Doei, Arthur.

--
/\ / | arthurvl@sci.kun.nl | Work like you don't need the money
/__\ / | A friend is someone with whom | Love like you have never been hurt
/ \/__ | you can dare to be yourself | Dance like there's nobody watching

* [LARTC] Masquerading under 2.4
From: Willis @ 2001-01-11 15:12 UTC
To: lartc
Hello all,

I just got the 2.4.0 kernel and built in masquerading into the kernel (not
as a module). When you do that, it takes away the option to act as
ipchains did in 2.2.

Okay, that's fine with me. I just have no idea how to set up masquerading
(or for that matter port forwarding either) using the 2.4 way. Can
someone point me to some documentation I can use to accomplish this?

Thank you for your help.

* [LARTC] Masquerading under 2.4
From: wyonker @ 2001-01-11 20:12 UTC
To: lartc
Cool. That worked great. I have one more question please.

What is the replacement for ipmasqadm and where can I find some
documentation on it?

This is great. I can finally get my network working the way it
should be!

On 11 Jan 2001, at 15:45, Arthur van Leeuwen wrote:
> On Thu, 11 Jan 2001, Willis Yonker wrote:
>
> > Hello all,
> >
> > I just got the 2.4.0 kernel and built in masquerading into the
> > kernel (not as a module). When you do that, it takes away the
> > option to act as ipchains did in 2.2.
> >
> > Okay, that's fine with me. I just have no idea how to set up
> > masquerading (or for that matter port forwarding either) using the
> > 2.4 way. Can someone point me to some documentation I can use to
> > accomplish this?
>
> Check out Rusty Russell's Linux 2.4 NAT HOWTO on
> http://netfilter.kernelnotes.org/unreliable-guides/NAT-HOWTO.html
>
> Doei, Arthur.
>
> --
> /\ / | arthurvl@sci.kun.nl | Work like you don't need
> the money
> /__\ / | A friend is someone with whom | Love like you have never
> been hurt
> / \/__ | you can dare to be yourself | Dance like there's nobody
> watching

* [LARTC] Masquerading under 2.4
From: Arthur @ 2001-01-11 21:30 UTC
To: lartc
On Thu, 11 Jan 2001 wyonker@dcsnow.com wrote:
> On 11 Jan 2001, at 15:45, Arthur van Leeuwen wrote:
>
> > Check out Rusty Russell's Linux 2.4 NAT HOWTO on
> > http://netfilter.kernelnotes.org/unreliable-guides/NAT-HOWTO.html

> Cool. That worked great. I have one more question please.

> What is the replacement for ipmasqadm and where can I find some
> documentation on it?

If you had really read the Linux 2.4 NAT HOWTO, you would've known
that the PREROUTING and POSTROUTING tables also handle port forwarding.
And that the 2.4 NAT HOWTO describes *that* as well.

Doei, Arthur.

--
/\ / | arthurvl@sci.kun.nl | Work like you don't need the money
/__\ / | A friend is someone with whom | Love like you have never been hurt
/ \/__ | you can dare to be yourself | Dance like there's nobody watching

* [LARTC] Masquerading under 2.4
From: wyonker @ 2001-01-11 22:47 UTC
To: lartc
Well I guess I deserved that. I saw my mistake after I sent this
message but of course it was too late by then. Sorry.

On 11 Jan 2001, at 22:30, Arthur van Leeuwen wrote:
> On Thu, 11 Jan 2001 wyonker@dcsnow.com wrote:
>
> > On 11 Jan 2001, at 15:45, Arthur van Leeuwen wrote:
> >
> > > Check out Rusty Russell's Linux 2.4 NAT HOWTO on
> > > http://netfilter.kernelnotes.org/unreliable-guides/NAT-HOWTO.html
>
> > Cool. That worked great. I have one more question please.
>
> > What is the replacement for ipmasqadm and where can I find some
> > documentation on it?
>
> If you had really read the Linux 2.4 NAT HOWTO, you would've known
> that the PREROUTING and POSTROUTING tables also handle port
> forwarding. And that the 2.4 NAT HOWTO describes *that* as well.
>
> Doei, Arthur.
>
> --
> /\ / | arthurvl@sci.kun.nl | Work like you don't need
> the money
> /__\ / | A friend is someone with whom | Love like you have never
> been hurt
> / \/__ | you can dare to be yourself | Dance like there's nobody
> watching

* [LARTC] Masquerading under 2.4
From: wyonker @ 2001-01-12 1:51 UTC
To: lartc
Here is the final piece to my puzzle. I'll buy someone a beer if they
can help me with this.

I have two connections to the internet. I would like all traffic on port
27015 to go out on the 2nd connection (which is eth1 on the router) and
all traffic from one client also. Oh and I would like to force all
traffic going to specific hosts (myisp.com and myisp2.com) to go over
their respective interfaces because they block traffic from anywhere
else.

Now, to do the part with the client I can just do the following right?

    echo 200 John >> /etc/iproute2/rt_tables
    ip rule add from 10.0.0.10 table John
    ip route add default via 195.96.98.253 dev ppp2 table John
    ip route flush cache

I copied that from the advanced routing Howto.

So can I just add the port to the 'ip rule add' line? Like this?

    ip rule add from 10.1.1.10:27015 table John

As always, any help would be appreciated.

On 11 Jan 2001, at 10:12, Willis Yonker wrote:
> Hello all,
>
> I just got the 2.4.0 kernel and built in masquerading into the kernel
> (not as a module). When you do that, it takes away the option to act
> as ipchains did in 2.2.
>
> Okay, that's fine with me. I just have no idea how to set up
> masquerading (or for that matter port forwarding either) using the 2.4
> way. Can someone point me to some documentation I can use to
> accomplish this?
>
> Thank you for your help.
>
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO:
> http://ds9a.nl/2.4Routing/

* [LARTC] Masquerading under 2.4
From: Arthur @ 2001-01-12 9:51 UTC
To: lartc
On Thu, 11 Jan 2001 wyonker@dcsnow.com wrote:
> Here is the final piece to my puzzle. I'll buy someone a beer if they
> can help me with this.
>
> I have two connections to the internet. I would like all traffic on port
> 27015 to go out on the 2nd connection (which is eth1 on the router)
> and all traffic from one client also. Oh and I would like to force all
> traffic going to specific hosts (myisp.com and myisp2.com) to go
> over their respective interfaces because they block traffic from anywhere
> else.

> Now, to do the part with the client I can just do the following right?
>
>     echo 200 John >> /etc/iproute2/rt_tables
>     ip rule add from 10.0.0.10 table John
>     ip route add default via 195.96.98.253 dev ppp2 table John
>     ip route flush cache
>
> I copied that from the advanced routing Howto.

Right so far.

> So can I just add the port to the 'ip rule add' line? Like this?
>
>     ip rule add from 10.1.1.10:27015 table John

Nope. You'll have to mark the packets with ipchains (or, in your case
iptables) first (the -m option for ipchains, --mark for iptables). Then
you add a rule matching on that fwmark (ip rule add fwmark 0xf00 table John).
Note that you have to specify the marks in hexadecimal, or else it won't work.

> As always, any help would be appreciated.

I'll leave figuring out the ISP-specific routing to your creativity...
can't really spoil all your fun, now can I? :)

Doei, Arthur.

--
/\ / | arthurvl@sci.kun.nl | Work like you don't need the money
/__\ / | A friend is someone with whom | Love like you have never been hurt
/ \/__ | you can dare to be yourself | Dance like there's nobody watching

* [LARTC] Masquerading under 2.4
From: wyonker @ 2001-01-13 0:37 UTC
To: lartc
Okay, here is what I got so far. Does this look right?

    # First turn on NAT
    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

    # Now forward www packets to the web server.
    iptables -A PREROUTING -t nat --dport 80 -j DNAT --to 10.1.1.1:80

    # Mark all packets for mygame for later routing
    iptables -A FORWARD -t nat --dport 27015 -j MARK --set-mark 0xf01

    # Mark all packets going to myisp2.com to jump to custom table
    # Since the default route is myisp1 I don't have to worry about those.
    iptables -A FORWARD -t nat -d myisp2.com -j MARK --set-mark 0xf01

    # Setup custom table
    echo 200 John >> /etc/iproute2/rt_tables

    # Force all traffic from 10.0.0.10 to jump to custom table
    ip rule add from 10.0.0.10 table John

    # Force all marked packets to jump to custom table
    ip rule add fwmark 0xf01 table John

    # Force all packets that make it to this table to go out on the 2nd interface
    ip route add default via 195.96.98.253 dev eth1 table John

    # Flush the cache when finished
    ip route flush cache

On 12 Jan 2001, at 10:51, Arthur van Leeuwen wrote:
> On Thu, 11 Jan 2001 wyonker@dcsnow.com wrote:
>
> > Here is the final piece to my puzzle. I'll buy someone a beer if
> > they can help me with this.
> >
> > I have two connections to the internet. I would like all traffic on
> > port 27015 to go out on the 2nd connection (which is eth1 on the
> > router) and all traffic from one client also. Oh and I would like
> > to force all traffic going to specific hosts (myisp.com and
> > myisp2.com) to go over their respective interfaces because they
> > block traffic from anywhere else.
>
> > Now, to do the part with the client I can just do the following
> > right?
> >
> >     echo 200 John >> /etc/iproute2/rt_tables
> >     ip rule add from 10.0.0.10 table John
> >     ip route add default via 195.96.98.253 dev ppp2 table John
> >     ip route flush cache
> >
> > I copied that from the advanced routing Howto.
>
> Right so far.
>
> > So can I just add the port to the 'ip rule add' line? Like this?
> >
> >     ip rule add from 10.1.1.10:27015 table John
>
> Nope. You'll have to mark the packets with ipchains (or, in your case
> iptables) first (the -m option for ipchains, --mark for iptables).
> Then you add a rule matching on that fwmark (ip rule add fwmark 0xf00
> table John). Note that you have to specify the marks in hexadecimal,
> or else it won't work.
>
> > As always, any help would be appreciated.
>
> I'll leave figuring out the ISP-specific routing to your creativity...
> can't really spoil all your fun, now can I? :)
>
> Doei, Arthur.
>
> --
> /\ / | arthurvl@sci.kun.nl | Work like you don't need
> the money
> /__\ / | A friend is someone with whom | Love like you have never
> been hurt
> / \/__ | you can dare to be yourself | Dance like there's nobody
> watching
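
The mark-then-route sequence Arthur describes, applied to the names and addresses used in this thread, as an added example that is not part of any poster's message. It assumes the port 27015 traffic is UDP and restricts the web forward to packets arriving on eth0 (neither is stated in the thread); `run`, `hexmark`, `policy_routing` and `verify` are helper names made up here, and the per-ISP host routing is left out.

```sh
#!/bin/sh
# Dry run by default: every command is printed. Set APPLY=1 (as root) to execute.
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi
}

# Normalise a decimal or hex mark to 0x... so iptables and ip rule get the same value.
hexmark() { printf '0x%x\n' "$(($1))"; }

# Values from the thread; GAME_PROTO is an assumption (the thread names no protocol).
MARK=$(hexmark 0xf01)
TABLE=John; TABLE_ID=200
GW2=195.96.98.253; IF1=eth0; IF2=eth1
CLIENT=10.0.0.10; GAME_PORT=27015; GAME_PROTO=udp
WEB=10.1.1.1:80

policy_routing() {
    # Register the table name once instead of appending it on every run.
    grep -qs "^${TABLE_ID}[[:space:]]" /etc/iproute2/rt_tables ||
        run sh -c "echo $TABLE_ID $TABLE >> /etc/iproute2/rt_tables"
    # MARK is only valid in the mangle table, and forwarded packets must be
    # marked in PREROUTING, before the routing decision is taken.
    # --dport is only accepted after -p tcp or -p udp.
    run iptables -t mangle -A PREROUTING -p "$GAME_PROTO" --dport "$GAME_PORT" \
        -j MARK --set-mark "$MARK"
    # Policy rules: marked packets and the one client use the second table.
    run ip rule add fwmark "$MARK" table "$TABLE"
    run ip rule add from "$CLIENT" table "$TABLE"
    run ip route add default via "$GW2" dev "$IF2" table "$TABLE"
    # Traffic can now leave through either uplink, so masquerade on both.
    run iptables -t nat -A POSTROUTING -o "$IF1" -j MASQUERADE
    run iptables -t nat -A POSTROUTING -o "$IF2" -j MASQUERADE
    # Without -i, this rule would also redirect the LAN's own outbound
    # web requests to the internal server.
    run iptables -t nat -A PREROUTING -i "$IF1" -p tcp --dport 80 \
        -j DNAT --to-destination "$WEB"
    run ip route flush cache
}

# After applying: the mangle rule's packet counter should increase, and
# the fwmark rule should be listed ahead of the main table lookup.
verify() {
    run iptables -t mangle -L PREROUTING -n -v
    run ip rule show
    run ip route show table "$TABLE"
}

policy_routing
```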