From: Ray Leach <raymondl@knowledgefactory.co.za>
To: Netfilter Mailing List <netfilter@lists.netfilter.org>
Subject: Re: rerouting after postrouting in NAT table
Date: Fri, 17 Oct 2003 14:40:59 +0200
Message-ID: <1066394458.12615.27.camel@raylinux.internal>
In-Reply-To: <3F8F9BA5.1090502@cc.iitb.ac.in>

On Fri, 2003-10-17 at 09:35, Madhuri Patwardhan wrote:
> Hi,
>
> I would like to choose the appropriate routing table using the packet
> source address which is altered by the NAT table post-routing chain.
> Is it possible? I have given the detailed scenario below.
>
> This is what I have:
>
> I have a linux box with connections to two WAN links.
> We are doing load balancing using Ultra monkey software. The same linux
> box also works as a Linux director and directs the packets to real
> servers. The real servers have private IP's. It is similar to the
> example given on the ultramonkey site:
> http://www.ultramonkey.org/2.0.1/topologies/lb-eg.html
>
> On the Linux Director box (which has two WAN links), masquerading for
> the real server's private IP's happens with the following command.
>
> /sbin/iptables -t nat -A POSTROUTING -j MASQUERADE -s 192.168.6.0/24
> (as given in the example on ultramonkey site, which is mentioned above)
>
> So, in the POSTROUTING chain the source address gets changed to one of
> the WAN links' public IPs.
>
> I would like to route the reply packets on the same WAN link on which
> the query came.
>
> For example:
>
> I have two WAN links whose IP ranges are 203.199.51.0/24(WAN link X) and
> 203.197.74.128/25 (WAN link Y).
>
> A packet comes on WAN link X destined to an address 203.199.51.159, which
> is a virtual IP of the Linux Director on the Linux box.
>
> This packet is handed over to the real server which generates reply and
> sends the packet back to Linux Director. The Linux Director changes the
> source IP to 203.199.51.159 as per the iptables masquerade rule mentioned
> above in the NAT table's post-routing chain.
>
> I have created two routing tables one with a default route of WAN link X
> and the other with a default route of WAN link Y. Depending on the
> source address, in this case 203.199.51.159 I would like it to choose
> the appropriate routing table and hence WAN link X.
>
> Is this possible? What I am wondering is since it is in the post routing
> chain that the source address is changed, is it possible that rerouting
> will happen again and the appropriate default route will be chosen after
> postrouting chain is traversed?
>
>
> If any part needs better explanation please let me know. I would really
> appreciate any pointers/clues.
>
How are you doing the 'redirector' part? Are you redirecting the
incoming requests using iptables?
It sounds like what you're after is DNAT with connection tracking.
(unless I missed the bus completely)
>
> Thanks in advance.
>
> Madhuri
--
Raymond Leach <raymondl@knowledgefactory.co.za>
Network Support Specialist
http://www.knowledgefactory.co.za
"lynx -source http://www.rchq.co.za/raymondl.asc | gpg --import"
Key fingerprint = 7209 A695 9EE0 E971 A9AD 00EE 8757 EE47 F06F FB28
--
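
Added example, not part of the original thread or either poster's configuration: one way to apply "DNAT with connection tracking" to the two-link setup described above, using a connection mark so that replies leave by the link the request arrived on. The routing decision for a reply is made before POSTROUTING rewrites its source, so the rule keys on the mark rather than on the translated address. Interface names, gateway placeholders, the real server address, mark values and table numbers are assumptions; only 203.199.51.159 comes from the thread.

```shell
#!/bin/sh
# Added example. Assumed names (not from the thread): eth0 = WAN link X,
# eth1 = WAN link Y, eth2 = LAN, gateways GW_X/GW_Y (placeholders),
# real server 192.168.6.10 (constructed), marks 1/2, tables 101/102.
# Commands are only printed unless APPLY=1 is set (needs root).
run() { if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi; }

# link_rules WAN_IF GATEWAY MARK TABLE
link_rules() {
    wan_if=$1 gw=$2 mark=$3 table=$4
    # Per-link routing table holding that link's default route.
    run ip route add default via "$gw" dev "$wan_if" table "$table"
    # Packets carrying this mark are routed with that table.
    run ip rule add fwmark "$mark" lookup "$table"
    # Tag every new connection with the link it arrived on.
    run iptables -t mangle -A PREROUTING -i "$wan_if" \
        -m conntrack --ctstate NEW -j CONNMARK --set-mark "$mark"
}

# common_rules LAN_IF VIRTUAL_IP REAL_SERVER
common_rules() {
    lan_if=$1 vip=$2 real=$3
    # Hand requests for the virtual IP to the real server. Conntrack
    # reverses this translation on the replies by itself.
    run iptables -t nat -A PREROUTING -d "$vip" -j DNAT --to-destination "$real"
    # Replies entering from the LAN: copy the connection's mark onto the
    # packet in mangle PREROUTING, which runs before the routing decision.
    run iptables -t mangle -A PREROUTING -i "$lan_if" -j CONNMARK --restore-mark
}

ruleset() {
    link_rules eth0 "${GW_X:-GATEWAY_X}" 1 101
    link_rules eth1 "${GW_Y:-GATEWAY_Y}" 2 102
    # The thread names only this virtual IP; a virtual IP on link Y
    # would get the same DNAT rule.
    common_rules eth2 203.199.51.159 192.168.6.10
}

ruleset
```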