[LARTC] [REPOST] Help me: ipmasqadm and default gatway...

[LARTC] [REPOST] Help me: ipmasqadm and default gatway...

[striscio]

Excuse me form reposting the quesiton, but I didn't find any solution.
Any suggestion is welcome

Hi,
I'm running a Debian 2.2r2 on a university server with 3 public ip o(1.1.1.1  
2.2.2.2 and 3.3.3.3 on one 
ethernet card (but soon we will have three cards).
There's a tunnel (implemented with vtund on a tun interface with local 
address 192.168.1.10 and remote 192.168.1.20) from this server to another 
server without public ip and behind a router.
I wanted to make the second server visible to the world, so I reserved one of 
the public addresses (say 2.2.2.2) for the job and I made an ipmasqadm portfw 
rule to redirect incoming packets on 1.1.1.1 port 80 to the remote address of 
the tunnel interface (192.168.1.20) on the same port.
Things are running. Packets are redirected from the public address to the 
private one and then, via tun interface, reach the "private server".
*BUT* packets are arriving un-masquearded, that's to say with the address of 
the host that requested the connection.
So to get things working I have to set the public server as default route on 
the masqueraded one, the thing it's not so good for me, 'cause the 
masqueraded server act as gateway for a sub-net and I don't want all the 
traffic being routed on the tunnel interface via the public server.
I think that the right way is to get packets being masqueraded from the 
public server with it's tunnel address, so that the masqueraded server will 
know where to send back packets. 

Any suggestion is really welcome.

As better explain than my english I add here some rules and info.
            HOST A                       HOST B 
       -----------                  --------------
I      |          |                 |            |
N    eth0        tun1            tun1            eth0
T ---1.1.1.1   192.168.1.10 --- 192.168.1.20     172.20.32.1 --- GATEWAY
E    eth0:1
R ---2.2.2.2
N
E
T

HOST A
#masq what is coming from HOST B
ipchains -A forward -s 192.168.1.20/32 -d 0.0.0.0/0  -j MASQ
#masq what goes to HOST B
#ipchains -A forward -s 0.0.0.0/0 -d 192.168.1.20/32 -l -j MASQ
#redirect
ipmasqadm portfw -a -P tcp -L 1.1.1.1 80 -R 192.168.1.20 80

HOST B
#172.16.32.1 #ROUTER/GATEWAY OF THE LAB
#how to reach the public end of the tunnel 
route add -host 2.2.2.2 gw 172.16.32.1


         Thanks a lot,

         gianpaolo
-- 
Un dottore distratto alla paziente: "E' stata a teatro ieri sera?".
"No, sono andata a letto presto".  "E c'era molta gente?".
		-- Da it.hobby.umorismo

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/2.4Routing/

Re: [LARTC] [REPOST] Help me: ipmasqadm and default gatway...

[Christian Worm Mortensen]

Hi,

> I think that the right way is to get packets being masqueraded from the 
> public server with it's tunnel address, so that the masqueraded server will 
> know where to send back packets. 

Do you only need http traffic? Maybe your solution is to install a http proxy server on your public machine? Another possibilty is to use programs such as redir.


Christian


_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/2.4Routing/

Re: [LARTC] [REPOST] Help me: ipmasqadm and default gatway...

[gianpaolo racca]

On Monday 05 March 2001 20:05, Christian Worm Mortensen wrote:

> Do you only need http traffic? Maybe your solution is to install a http
> proxy server on your public machine? Another possibilty is to use programs
> such as redir.

no... I' m trying with port 80, but I would like to redirect all the traffic.
Thanks, 
 	
 	gianpaolo 
	gigiaho--
-- 
gianpaolo racca
gianpaolo@preciso.net
http://www.preciso.net

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/2.4Routing/