From mboxrd@z Thu Jan  1 00:00:00 1970
From: "Christof Marti" <christof.marti@sensirion.com>
Date: Fri, 30 Mar 2001 13:15:01 +0000
Subject: [LARTC] How do I route to an aliased interface to masquerade with the alias-ip?
Message-Id: <marc-lartc-98595798007223@msgid-missing>
List-Id: <lartc.vger.kernel.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

I've got the following setup:

debian linux stable
kernel 2.2.19
ipchains 1.3.9, 17-Mar-1999
ip utility, iproute2-ss991023

internal if:
3: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:50:04:31:9e:7d brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.9/24 brd 192.168.0.255 scope global eth0

external if:
4: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:50:04:ea:54:f1 brd ff:ff:ff:ff:ff:ff
    inet 62.98.35.177/29 brd 62.98.35.183 scope global eth1
    inet 62.98.35.178/29 brd 62.98.35.183 scope global secondary eth1:0

masquerading works fine for 62.98.35.177 and i'd like to masquerade smtp
from the internal network with the aliased ip 62.98.35.178. I've set up
things as described in "12.  Netfilter & iproute - marking packets" of the
"Linux 2.4 Advanced Routing HOWTO" (with adaptions):

ip addr add 62.98.35.178/29 broadcast 62.98.35.183 label eth1:0 dev eth1
ipchains -I input -i eth0 -s  192.168.0.9/255.255.255.0 -p tcp --dport
ssh -m 1 # seems ok, ipchains -L shows hits

ip rule add fwmark 1 table mail.out # seems ok
ip route add default via 62.98.35.182 dev eth1 src 62.98.35.178 table
mail.out # seems to be the weak point (I know "dev eth1:0" doesn't work
because ip doesn't handle labels) - i'm not shure about the correct use of
"src"

ipchains -I forward -j MASQ -i eth1:0 -s 192.168.0.9/255.255.255.0 #
ipchains -L shows NO hits

How do i add the route for table mail.out to route for "eth1:0" in order to
masquerade with 62.98.35.178?
If this is not possible, is there another solution to get the desired
behaviour (masquerading smtp with a diffrent address, routing for the same
interface as other masqueraded traffic)?

Thanks for your help

Christof Marti


_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/2.4Routing/