Hello folks: This may have been discussed many times before but I
have not been able to find it. I have also not been able to resolve
it myself so I am asking here with hope that someone can straighten me
out.
I am using ip to do multisource policy routing for two connections to
the internet. I have a Linksys WRT54GS router which connects two
machines by wire through the switch and three computers through
wireless. For the most part this portion of the set-up works fine.
One of the boxes attached to the router by 10base-t also has a second
interface card which attaches to an adsl modem using pppoe. My
problem is on that second machine. I cannot figure out how to forward
packets by incoming or destination port to the first machine for some
services which it handles such as mail/dns/ftp....
I have read through quite a few docs such as Matt Marsh's policy
routing and the lartc how-to on nat'ing and so forth. After reading
these I think I understand what is going on until I try to do it
myself and then I either get errors or it just doesn't work. I have
tried using iptables and route/rule nat with no luck so far. It seems
to me this should be a FAQ but nothing seems to quite match.
I will try to draw how I envision the lay-out of the network but
apologize because I'm a blink and am not sure I can get the drawing
just right.
   internet          internet
      |                 |
   wrt54gs           dsl-mdm
    /    \              |
 host-a   host-b (2 nics)
I am not sure whether to put here what I have tried and hope someone
can point out my mistakes or just hope someone will give me a nice
little script! 'grin' Okay, okay, here are the iptables lines I tried
first:
iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 25 -j DNAT --to 10.10.10.10
iptables -t nat -A POSTROUTING -o eth0 -p tcp --dport 25 -j MASQUERADE
I have tried both eth0 and ppp0 in the -o flag above. I have also
tried adding ppp0 with the ip addr add 10.10.10.10/32 dev ppp0 table 1
without much effect. Does it sound like I'm confused?
I also tried using the fwmark with ip rule but ran up against a brick
wall which appears to be that one cannot do ip route add nat
69.63.33.227/32 via 10.10.10.10/32 table natit. It seems that tables
are not allowed in the route nat or something. I'm also not quite sure
how the nat 0 works in the ip rule statement so yes I am confused in a
big way!
I will include my policy route script below so you can see the bit I
do have working. Any help or pointers will certainly be appreciated.
Kirk
#!/bin/bash
# T1 and T2 must be defined in /etc/iproute2/rt_tables (e.g. "1 T1" and
# "2 T2") before ip will accept "table T1" / "table T2".
IF1=eth0              # LAN interface towards the wrt54gs
IP1=10.10.10.15
P1=10.10.10.1         # wrt54gs, gateway for the first link
P1_NET=10.10.10.0/24  # prefix length assumed; without one ip treats the value as a single host
IF2=ppp0              # DSL interface
IP2=69.63.33.227
P2=209.183.132.10     # PPP peer, gateway for the second link
P2_NET=69.0.0.0       # no prefix length: on a point-to-point link a host route to $P2 is usually what is wanted
# Table T1: traffic sourced from IP1 leaves through the wrt54gs
ip route add $P1_NET dev $IF1 src $IP1 table T1
ip route add default via $P1 table T1
ip route add $P2_NET dev $IF2 table T1
ip route add 127.0.0.0/8 dev lo table T1
# Table T2: traffic sourced from IP2 leaves through the DSL link
ip route add $P2_NET dev $IF2 src $IP2 table T2
ip route add default via $P2 table T2
ip route add $P1_NET dev $IF1 table T2
ip route add 127.0.0.0/8 dev lo table T2
#ip route append $P1_NET dev $IF1 src $IP1
#ip route append $P2_NET dev $IF2 src $IP2
#ip route append default via $P1
# Select the table by source address
ip rule add from $IP1 table T1
ip rule add from $IP2 table T2
# Balance new outbound connections across both links (main table)
ip route add default scope global nexthop via $P1 dev $IF1 weight 1 \
        nexthop via $P2 dev $IF2 weight 1
--
Kirk Reiser The Computer Braille Facility
e-mail: kirk@braille.uwo.ca University of Western Ontario
phone: (519) 661-3061
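An added example, not part of Kirk's post, of the port-forwarding side on host-b, written to sit on top of the policy-routing script above. Three things have to line up for a connection that arrives on ppp0 to be served by host-a and answered through ppp0 again: the DNAT in nat/PREROUTING, an SNAT on eth0 so that host-a replies to host-b rather than to its own default gateway (the wrt54gs), and a connection mark with an "ip rule ... fwmark" entry that routes the replies by table T2. The mark is needed because the reverse of a DNAT is applied in POSTROUTING, after the routing decision, so a "from 69.63.33.227" rule never matches the replies and the multipath default in the main table may send them through the wrt54gs. The script prints the iptables/ip commands instead of running them, so it can be reviewed and then piped to sh as root. Host-a's address 10.10.10.10, the service list and the mark value are assumptions; tables T1/T2 are taken to exist as in the script above.

```shell
#!/bin/sh
# Added example (not from the original post): forward selected ports that
# arrive on the DSL link to host-a, and route the replies back out via ppp0.
# Prints the commands only; review, then run as root:   sh fwd.sh | sh
# Assumed: host-a is 10.10.10.10, T2 exists in /etc/iproute2/rt_tables.

IF1=eth0              # LAN side, towards the wrt54gs
IP1=10.10.10.15       # host-b's LAN address
IF2=ppp0              # DSL side
LAN_HOST=10.10.10.10  # host-a, runs mail/dns/ftp (assumed address)
T2=T2                 # routing table for the DSL link, from the script above
MARK=2                # connection mark for DSL-originated connections (assumed value)

# "proto port" pairs to forward (illustrative list)
SERVICES="tcp 25
tcp 53
udp 53
tcp 21"

emit() { printf '%s\n' "$*"; }

# Rules that do not depend on the service being forwarded.
base_rules() {
  emit "sysctl -w net.ipv4.ip_forward=1"
  # Copy the connection mark onto every packet, then mark new connections
  # that arrive on ppp0. Replies from host-a thereby carry the mark before
  # the routing decision is made.
  emit "iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark"
  emit "iptables -t mangle -A PREROUTING -i $IF2 -m conntrack --ctstate NEW -j CONNMARK --set-mark $MARK"
  # Marked packets are routed by the DSL table (default via the PPP peer).
  emit "ip rule add fwmark $MARK table $T2"
  emit "ip route flush cache"
  # Let packets of already-accepted connections through in both directions.
  emit "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

# DNAT one service to host-a, accept the new connection, and SNAT it on the
# LAN side so host-a sends its answers back to host-b.
forward_rules() {
  proto=$1; port=$2
  emit "iptables -t nat -A PREROUTING -i $IF2 -p $proto --dport $port -j DNAT --to-destination $LAN_HOST"
  emit "iptables -A FORWARD -i $IF2 -o $IF1 -d $LAN_HOST -p $proto --dport $port -m conntrack --ctstate NEW -j ACCEPT"
  emit "iptables -t nat -A POSTROUTING -o $IF1 -d $LAN_HOST -p $proto --dport $port -j SNAT --to-source $IP1"
}

# The complete command list: base rules once, then one set per service.
all_rules() {
  base_rules
  printf '%s\n' "$SERVICES" | while read -r proto port; do
    [ -n "$proto" ] && forward_rules "$proto" "$port"
  done
}

all_rules
```

Two caveats with this layout: because of the SNAT on eth0, host-a sees every forwarded connection as coming from 10.10.10.15, so mail and ftp logs on host-a lose the real client address (the alternative is a route on host-a that sends replies for those connections via host-b, which this script does not set up); and FTP data connections are only tracked and NATed if the kernel's FTP conntrack/NAT helper modules are loaded.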