On Fri, May 17, 2002 at 10:20:36AM +0200, Michael Renner wrote:
> Hello!
>
> I've got the following setup:
>
> ippp0 (isdn), ppp0 (adsl), eth1 (internal lan), eth0 (nic dedicated to the
> adsl modem)
>
> Firewall rules:
>
> Default 2.4. iptables (everything set to accept) except:
> iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
> iptables -t nat -A POSTROUTING -o ippp0 -j MASQUERADE
>
>
> Routing Table:
> Default gw is set to the ptp partner of ippp0
>
>
> Problem:
>
> Packets which are received on ppp0 don't get responded (tcpdump shows only
> the incoming packets, no responses; stuff like ident lookups from irc
> servers time out although a ident server is running and bound to 0.0.0.0)
> Connections which get masqueraded through ppp0 with the following ruleset:
This is the classic 'information loss' problem. A connection comes in on the
IP address of ppp0, and now the response needs to go out. But over what
interface? Over the default route of course!
So now your ppp0 source address packet is going out over ippp0 which does
not work.
> ip rule add from 192.168.0.10 to default iif eth1 table 50
> ip route add table 50 via <ptp partner of ppp0>
>
> work fine though.
Yeah, that is what you need to do - force packets with the source address of
ppp0 to go out over ppp0, and same for ippp0. You need to point it out to
Linux that those interfaces are not equivalent.
Regards,
bert
--
http://www.PowerDNS.com Versatile DNS Software & Services
http://www.tk the dot in .tk
http://lartc.org Linux Advanced Routing & Traffic Control HOWTO
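To show why the default route loses the interface information and how a source-address rule restores it, here is a small Python model of the routing policy database lookup (an added example, not code from the list thread; the addresses, the table number 50, and the LAN route copied into table 50 are constructed assumptions).

```python
import ipaddress
# Constructed addresses (assumptions, not from the mail): ppp0 = adsl, ippp0 = isdn.
PPP0_LOCAL, PPP0_PEER = "203.0.113.10", "203.0.113.1"
IPPP0_LOCAL, IPPP0_PEER = "198.51.100.10", "198.51.100.1"

# Route tables as (prefix, device, gateway); longest matching prefix wins.
MAIN = [
    ("192.168.0.0/24", "eth1", None),      # internal lan
    ("203.0.113.1/32", "ppp0", None),      # ptp partner of ppp0
    ("198.51.100.1/32", "ippp0", None),    # ptp partner of ippp0
    ("0.0.0.0/0", "ippp0", IPPP0_PEER),    # default gw = ptp partner of ippp0
]
# Table 50: 'ip route add default via <ptp partner of ppp0> dev ppp0 table 50'.
# The LAN route is copied in as well (assumption) so that traffic from the
# ppp0 address to the LAN is not pushed out the adsl link.
TABLE_50 = [
    ("192.168.0.0/24", "eth1", None),
    ("0.0.0.0/0", "ppp0", PPP0_PEER),
]
TABLES = {"main": MAIN, "50": TABLE_50}

def lookup(table, dst):
    """Longest-prefix match; returns the egress device or None."""
    d = ipaddress.ip_address(dst)
    best = None
    for prefix, dev, _gw in table:
        net = ipaddress.ip_network(prefix)
        if d in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev)
    return best[1] if best else None

def route(rules, src, dst):
    """RPDB walk: rules in priority order; first table holding a route wins."""
    s = ipaddress.ip_address(src)
    for _prio, selector, table in sorted(rules, key=lambda r: r[0]):
        if selector is not None and s not in ipaddress.ip_network(selector):
            continue        # 'from' selector does not match this source address
        dev = lookup(TABLES[table], dst)
        if dev is not None:
            return dev
    return None

# Stock RPDB: only 'from all lookup main' (the local table is omitted here).
DEFAULT_RULES = [(32766, None, "main")]
# Fix: 'ip rule add from <ppp0 address> table 50' in front of the main lookup.
FIXED_RULES = [(100, PPP0_LOCAL + "/32", "50"), (32766, None, "main")]

def ident_reply_egress(rules, irc_server="192.0.2.25"):
    # Which interface carries an ident reply sourced from the ppp0 address?
    return route(rules, PPP0_LOCAL, irc_server)
```

With only the main table the reply sourced from the ppp0 address leaves via ippp0 and is lost; with the source-address rule in place it goes back out ppp0 while traffic sourced from the ippp0 address still follows the default route.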