Christof Marti
2001-Mar-30 13:15 UTC
How do I route to an aliased interface to masquerade with the alias-ip?
I''ve got the following setup:
debian linux stable
kernel 2.2.19
ipchains 1.3.9, 17-Mar-1999
ip utility, iproute2-ss991023
internal if:
3: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:50:04:31:9e:7d brd ff:ff:ff:ff:ff:ff
inet 192.168.0.9/24 brd 192.168.0.255 scope global eth0
external if:
4: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:50:04:ea:54:f1 brd ff:ff:ff:ff:ff:ff
inet 62.98.35.177/29 brd 62.98.35.183 scope global eth1
inet 62.98.35.178/29 brd 62.98.35.183 scope global secondary eth1:0
masquerading works fine for 62.98.35.177 and i''d like to masquerade
smtp
from the internal network with the aliased ip 62.98.35.178. I''ve set up
things as described in "12. Netfilter & iproute - marking
packets" of the
"Linux 2.4 Advanced Routing HOWTO" (with adaptions):
ip addr add 62.98.35.178/29 broadcast 62.98.35.183 label eth1:0 dev eth1
ipchains -I input -i eth0 -s 192.168.0.9/255.255.255.0 -p tcp --dport
ssh -m 1 # seems ok, ipchains -L shows hits
ip rule add fwmark 1 table mail.out # seems ok
ip route add default via 62.98.35.182 dev eth1 src 62.98.35.178 table
mail.out # seems to be the weak point (I know "dev eth1:0"
doesn''t work
because ip doesn''t handle labels) - i''m not shure about the
correct use of
"src"
ipchains -I forward -j MASQ -i eth1:0 -s 192.168.0.9/255.255.255.0 #
ipchains -L shows NO hits
How do i add the route for table mail.out to route for "eth1:0" in
order to
masquerade with 62.98.35.178?
If this is not possible, is there another solution to get the desired
behaviour (masquerading smtp with a diffrent address, routing for the same
interface as other masqueraded traffic)?
Thanks for your help
Christof Marti