netfilter.vger.kernel.org archive mirror
* MASQUERADE rule does not work with routing table and bridge
       [not found] <396104199.23817.1393979999577.JavaMail.root@ixer.mx>
@ 2014-03-05  0:47 ` Enrique Huerta de la Fuente
  0 siblings, 0 replies; only message in thread
From: Enrique Huerta de la Fuente @ 2014-03-05  0:47 UTC (permalink / raw)
  To: netfilter

Hi,

I have two routing tables: telmex (br3) and bbs (br2); both have their own gateway and I set up the routing rules. I can connect to ip2 and ip3 from the internet. And the default gateway in the main routing table is ip2.
From the Linux router I can go out to the internet via the gateway ip2, but when I mark certain traffic to go out via br3 and masquerade it, it is not masqueraded!!

I know that the traffic goes out via eth2 (br3) because I log with ebtables (ebtables -I OUTPUT), but the source IP is ip2.

I disabled CONNTRACK for traffic outgoing via br3, but nothing. When I change the default gateway in the main routing table to ip3, it works fine.

The problem is that the MASQUERADE rule does not work with routing table and bridge.

Any idea?


                                                                 ________
                                          +------------+        /
                                          |            |       |
                            +-------------+ Provider 1 +-------
        __                  |ip2          |            |     /
    ___/  \_         +------+-------+     +------------+    |
  _/        \__      |     br2      |                      /
 /             \     |              |                      |
| Local network -----+ Linux router |                      |     Internet
 \_           __/    |              |                      |
   \__     __/       |     br3      |                      \
      \___/          +------+-------+     +------------+    |
                            |ip3          |            |     \
                            +-------------+ Provider 2 +-------
                                          |            |       |
                                          +------------+        \________



# ip route ls
139.132.201.56/29 dev br2  proto kernel  scope link  src 139.132.201.58 
188.126.250.96/28 dev br3  proto kernel  scope link  src 188.126.250.98 
192.168.122.0/24 dev virbr0  proto kernel  scope link  src 192.168.122.1 
192.168.168.0/21 dev br0  proto kernel  scope link  src 192.168.172.254 
192.168.168.0/21 dev br1  proto kernel  scope link  src 192.168.172.253 
default via 139.132.201.62 dev br2

# ip rule ls
0:      from all lookup local 
32755:  from all fwmark 0x5 lookup telmex 
32756:  from 188.126.250.98 lookup telmex 
32757:  from 139.132.201.58 lookup bbs 
32758:  from all fwmark 0x3 lookup bbs 
32766:  from all lookup main 
32767:  from all lookup default

# ip route ls table bbs
139.132.201.56/29 dev br2  scope link  src 139.132.201.58 
default via 139.132.201.62 dev br2


# ip route ls table telmex
188.126.250.96/28 dev br3  scope link  src 188.126.250.98 
default via 188.126.250.97 dev br3

E.Huerta
