LARTC - Mar 2002 - help on iproute2

hi guys .. I''m linux newbie
I have LAN that connected to internet.
here is the pic :

[internet]----------[Linux]----------[LAN]
    |                  |               |
202.149.83.192-207  202.149.83.194   192.168.0.1-35

with RedHat Linux 2.4.18, how can I make every 4 ip on
LAN will be 1 ip on the internet ? (sorry abt my
english )
example: 

192.168.0.1-4 ---> 202.149.83.195
192.168.0.4/30 --> 202.149.83.196
192.168.0.8/30 --> 202.149.83.197
.
.
.

with my old linux (2.2.16) ..
I use :
modprobe dummy
ifconfig dummy0 202.149.83.195 netmask 255.255.255.240
ifconfig dummy0:1 202.149.83.196 netmask
255.255.255.240
ifconfig dummy0:2 202.149.83.197 netmask
225.255.255.240
.
.
.
ip rule add from 192.168.0.0/30 nat 202.149.83.195
ip rule add from 192.168.0.4/30 nat 202.149.83.196
ip rule add from 192.168.0.8/30 nat 202.149.83.197
.
.
.

but It''s NOT WORKING on my new 2.4.18 Linux.
what should I do ?
Thanks before
Yours

__________________________________________________
Do You Yahoo!?
Yahoo! Sports - sign up for Fantasy Baseball
http://sports.yahoo.com

On Sat, Mar 02, 2002 at 01:48:43AM -0800, Bambang Yulianto
wrote:
> here is the pic :
> 
> [internet]----------[Linux]----------[LAN]
>     |                  |               |
> 202.149.83.192-207  202.149.83.194   192.168.0.1-35
Very good!
> ip rule add from 192.168.0.0/30 nat 202.149.83.195
> ip rule add from 192.168.0.4/30 nat 202.149.83.196
> ip rule add from 192.168.0.8/30 nat 202.149.83.197
I don''t think this syntax works anymore. I would do this with iptables,
http://www.iptables.org - that syntax is far more widely used. I''m not
even
sure if it ever worked! Every packet coming from 192.168.0.1 or 0.2 or 0.3
will get assigned 202.149.83.195 - this is information loss, there is no way
to map back.

Otherwise, read the iproute documentation, it''s called ip-cref.tex I
think.

But I think you should use iptables and SNAT - you need a way to map packets
back using a table.

Regards,

bert

-- 
http://www.PowerDNS.com          Versatile DNS Software & Services
http://www.tk                              the dot in .tk
http://lartc.org           Linux Advanced Routing & Traffic Control HOWTO

Hello,

On Sat, 2 Mar 2002, bert hubert wrote:
> > ip rule add from 192.168.0.0/30 nat 202.149.83.195
> > ip rule add from 192.168.0.4/30 nat 202.149.83.196
> > ip rule add from 192.168.0.8/30 nat 202.149.83.197
>
> I don''t think this syntax works anymore. I would do this with
iptables,
	There is a small patch that fixes this for Netfilter but don''t
expect it in the mainstream kernels. The current status is
0 votes for it and it can be replaced with iptables rules, of
course, it is useful for complex setups. Here it is:

http://www.linuxvirtualserver.org/~julian/#rtmasq

	It also fixes bugs that nobody wants to fix already for
months.
> Regards,
>
> bert
Regards

--
Julian Anastasov <ja@ssi.bg>

On Sat, Mar 02, 2002 at 01:48:43AM -0800, Bambang Yulianto
wrote:
> hi guys .. I''m linux newbie
> I have LAN that connected to internet.
> here is the pic :
> 
> [internet]----------[Linux]----------[LAN]
>     |                  |               |
> 202.149.83.192-207  202.149.83.194   192.168.0.1-35
> 
> with RedHat Linux 2.4.18, how can I make every 4 ip on
> LAN will be 1 ip on the internet ? (sorry abt my
> english )
> example: 
> 
> 192.168.0.1-4 ---> 202.149.83.195
> 192.168.0.4/30 --> 202.149.83.196
> 192.168.0.8/30 --> 202.149.83.197
You are actually saying that your system was masquerading.
> with my old linux (2.2.16) ..
> I use :
> modprobe dummy
> ifconfig dummy0 202.149.83.195 netmask 255.255.255.240
> ifconfig dummy0:1 202.149.83.196 netmask
> 255.255.255.240
> ifconfig dummy0:2 202.149.83.197 netmask
> 225.255.255.240
> .
> .
> .
> ip rule add from 192.168.0.0/30 nat 202.149.83.195
> ip rule add from 192.168.0.4/30 nat 202.149.83.196
> ip rule add from 192.168.0.8/30 nat 202.149.83.197
> .
> .
> .
> 
> but It''s NOT WORKING on my new 2.4.18 Linux.
This is on 2.2 a way to masquerade from specific ip adresses.
As you can read in the ip manual, it really uses the ipchains masquarading
stuff.
As it also says in the manual that this has completely been removed
(except for fastnat) from that layer, since netfilter does it
good.
> what should I do ?
Use netfilter/iptables.
iptables -t nat --append POSTROUTING --source 192.168.0.0/30 --jump SNAT
--to-source 202.149.83.195
Or something like that.
-- 
<ard@telegraafnet.nl> Telegraaf Elektronische Media  http://wwwijzer.nl
http://leerquoten.monster.org/ http://www.faqs.org/rfcs/rfc1855.html 
Let your government know you value your freedom. Sign the petition:
http://petition.eurolinux.org/