From: striscio striscio@preciso.net
To: lartc@vger.kernel.org
Subject: [LARTC] ipmasqadm and default route on masqueraded host
Date: Wed, 28 Feb 2001 08:57:03 +0000
Message-ID: <marc-lartc-98373940417062@msgid-missing>

<PRE>Hi,
I'm running a Debian 2.2r2 on a university server with 3 public IPs on one 
ethernet card (but soon we will have three cards).
There's a tunnel (implemented with vtund on a tun interface with local 
address 192.168.1.10 and remote 192.168.1.20) from this server to another 
server without public ip and behind a router.
I wanted to make the second server visible to the world, so I reserved one of 
the three public IP addresses (say 111.111.111.111, 111.111.111.112 and 
111.111.111.113) for the job and I made an ipmasqadm portfw rule to redirect 
incoming packets on 111.111.111.111 port 80 to the remote address of the 
tunnel interface (192.168.1.20).
Things are running. Packets are redirected from the public address to the 
private one and then, via the tun interface, reach the "private server".
BUT packets are arriving un-masqueraded, that is to say with the address of 
the host that requested the connection.
So to get things working I have to set the public server as default route on 
the masqueraded one, which is not so good for me, 'cause the masqueraded 
server acts as gateway for a sub-net and I don't want all the traffic being 
routed on the tunnel interface.
I think that the right way is to get packets being masqueraded from the 
public server with its tunnel address, so that the masqueraded server will 
know where to send back packets.

Any suggestion is really welcome.

To explain better than my English can, I add here some rules and info.
                HOST A                                    HOST B
                --------                                  --------

     eth0               tun1                  tun1             eth0
111.111.111.111     192.168.1.10          192.168.1.20     172.20.32.1
    eth0:1
111.111.111.112

HOST A
#masq what is coming from HOST B
ipchains -A forward -s 192.168.1.20/32 -d 0.0.0.0/0  -j MASQ
#masq what goes to HOST B
#ipchains -A forward -s 0.0.0.0/0 -d 192.168.1.20/32 -l -j MASQ
#redirect
ipmasqadm portfw -a -P tcp -L 111.111.111.111 80 -R 192.168.1.20 80

HOST B
#172.16.32.1 #ROUTER/GATEWAY OF THE LAB
#how to reach the public end of the tunnel 
route add -host 111.111.111.112 gw 172.16.32.1


	Thanks,

	gianpaolo

-- 
gianpaolo racca
gianpaolo@preciso.net
http://www.preciso.net


</PRE>
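
Added example, not part of the original message: a small Python model of the return path described above, comparing the port forward alone with the port forward plus source rewriting to HOST A's tunnel address. The client address is constructed, and HOST B's tun1 peer route and default route via the lab router are assumptions.

```python
import ipaddress

# Addresses from the post; CLIENT is a constructed sample address.
CLIENT = "203.0.113.7"
A_PUBLIC, A_TUN, B_TUN = "111.111.111.111", "192.168.1.10", "192.168.1.20"

# HOST B's routes: the host route is from the post; the tun1 peer route and
# the default route via the lab router on eth0 are assumptions.
B_ROUTES = [
    ("192.168.1.10/32", "tun1"),
    ("111.111.111.112/32", "eth0"),
    ("0.0.0.0/0", "eth0"),
]

def route(table, dst):
    """Longest-prefix match: return the outgoing interface for dst."""
    addr = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(n), dev) for n, dev in table]
    matches = [(net, dev) for net, dev in nets if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def forward_on_a(src, dst, rewrite_source):
    """HOST A: the port forward rewrites dst; optionally src is rewritten too."""
    if dst != A_PUBLIC:
        raise ValueError("not addressed to the forwarded public IP")
    return (A_TUN if rewrite_source else src, B_TUN)

def trace(rewrite_source):
    """Return HOST B's reply as (src, dst) and the interface it leaves on."""
    seen_src, seen_dst = forward_on_a(CLIENT, A_PUBLIC, rewrite_source)
    reply = (seen_dst, seen_src)  # B answers the source address it saw
    return reply, route(B_ROUTES, reply[1])

def connection_works(rewrite_source):
    """The reply must re-enter HOST A via tun1 to be translated back."""
    return trace(rewrite_source)[1] == "tun1"

if __name__ == "__main__":
    for mode in (False, True):
        print("source rewritten:", mode, trace(mode), connection_works(mode))
```

With the source rewritten, HOST B sees 192.168.1.10 as the peer of every forwarded connection, so its own logs no longer record the real client address.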
