Linux Netfilter discussions
From: Joel Newkirk <netfilter@newkirk.us>
To: Karina <kgs@acabtu.com.mx>, netfilter@lists.netfilter.org
Subject: Re: How to send all packets to a router
Date: Mon, 24 Feb 2003 22:11:38 -0500
Message-ID: <200302242211.38647.netfilter@newkirk.us>
In-Reply-To: <3C792059.865B267B@acabtu.com.mx>

On Sunday 24 February 2002 12:18 pm, Karina wrote:
> Hi, I have this problem...
>
> I have an iptables box that is the default gateway for all my
> internal addresses; after this box all the packets are sent to my
> main router. But now I need to send one of my internal Class Cs to
> another router instead of the main one.
>
> I tried this line:
>
> $IPTABLES -t nat -A PREROUTING -i eth0 -s $THISCLASS -j DNAT --to other.router.ip
>
> but it seems this is not working.
>
> If I set up a computer and put the new router IP directly as its gateway,
> everything works. But if I set up this same computer and put my
> iptables box as the gateway (all the computers have this setting), this
> doesn't work. The packets sent from my other IP addresses go to the main
> router as usual, but the other class does not go to the alternate router.
>
> Any ideas?

Yep.  DNAT changes the destination, the FINAL destination.  Everything 
you DNAT with this rule is sent TO the router, not THROUGH the router.

You want to work with routing instead of NAT, because you only want to 
change the route used to reach that destination.  The Linux Advanced 
Routing and Traffic Control Howto ( http://lartc.org/howto ) has a 
helpful section "Routing for Multiple Uplinks" at 
http://lartc.org/howto/lartc.rpdb.multiple-links.html that should tell 
you what you want.  

Basically you need to create 2 routing tables, with an upstream router as 
the default route in each.  Make the 'main' router the overall default, 
and the secondary router has a rule that sends specific traffic to it.  
You can source-route ("Prev" from the Multiple-Uplink section linked 
above) just with the routing configuration, or you can use the MARK 
target in mangle PREROUTING with iptables to flag the traffic destined 
for it, and then set up a routing rule based on the fwmark, as explained 
in http://lartc.org/howto/lartc.netfilter.html .  From what you 
outlined, source routing is your simplest solution, and won't directly 
involve iptables at all.  MARK is more useful in situations where you 
need to send specific types of traffic, rather than specific sources, 
through a different route.

j
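The two approaches described in the reply above (source-based policy routing without iptables, and fwmark-based routing via mangle PREROUTING), as an added example that is not part of this thread or of the LARTC howto. The addresses, interface names, the table id 100, the `run` wrapper and the `DRY_RUN` switch are all assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from this thread): policy routing that sends one internal
# class C out through an alternate upstream router while everything else keeps
# the main router as default.  All addresses, interface names and the table id
# are assumed placeholders.  DRY_RUN defaults to 1 (print the commands); run
# with DRY_RUN=0 as root, with iproute2 and iptables installed, to apply them.

THISCLASS="192.168.20.0/24"   # the internal class C to divert (assumed)
INTERNAL="192.168.0.0/16"     # all internal space, must stay locally routed (assumed)
MAIN_GW="203.0.113.1"         # main upstream router (assumed)
ALT_GW="198.51.100.1"         # alternate upstream router (assumed)
WAN_IF="eth1"                 # interface toward both routers (assumed)
LAN_IF="eth0"                 # internal interface (assumed)
ALT_TABLE="100"               # routing table id for the alternate router (assumed)

run() {
    if [ "${DRY_RUN:-1}" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Variant 1: source routing.  No iptables involved; the kernel picks the
# alternate table purely from the packet's source address.
setup_source_routing() {
    run ip route add default via "$MAIN_GW" dev "$WAN_IF"
    run ip route add default via "$ALT_GW" dev "$WAN_IF" table "$ALT_TABLE"
    # Keep LAN-to-LAN traffic from the diverted class on the main table;
    # otherwise it too would be pushed out through the alternate router.
    run ip rule add from "$THISCLASS" to "$INTERNAL" lookup main priority 999
    run ip rule add from "$THISCLASS" lookup "$ALT_TABLE" priority 1000
    run ip route flush cache
}

# Variant 2: fwmark.  Mark the traffic in mangle PREROUTING (here: web traffic
# from the LAN, a per-type rather than per-source selection) and route by mark.
setup_fwmark_routing() {
    run iptables -t mangle -A PREROUTING -i "$LAN_IF" -p tcp --dport 80 -j MARK --set-mark 1
    run ip route add default via "$ALT_GW" dev "$WAN_IF" table "$ALT_TABLE"
    run ip rule add fwmark 1 lookup "$ALT_TABLE" priority 1000
    run ip route flush cache
}

# Stand-alone run prints (or, with DRY_RUN=0, applies) variant 1.
setup_source_routing
```

Call `setup_fwmark_routing` instead for the mark-based variant; do not apply both on the same box, since each adds the same default route to table 100 and the second `ip route add` would fail. Check the result with `ip rule show` and `ip route show table 100`.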
