Hello All,
I am trying to setup a linux box as a forwarding router based of src IP. The
problem is that it does forward the pkts to the intended server specified in
the ip rule, but it also forwards it to the original dst (dst specified in
the pkt).
Here is the setup:
[10.1.0.166]
[192.168.1.225]
|
|
| [A]
[B] |
|-------[10.1.0.63/172.16.1.63] ----------- [
172.16.1.64/192.168.1.65] ---------|
| linux box only has linux-router in
question |
| net.ipv4.ip_forward=1
|
|
|
[10.1.0.167]
[192.168.1.100]
A - is just a linux box doing forwarding for the 2 networks 10.1.x.x - >
172.16.1.x.
B - is the linux router which I want to setup as forwarding.
The pkts come from 10.1.0.166 and .167 -> to 192.168.1.100
I want to setup rules on [B] to forward all pkts with src addr. 10.1.0.166to
192.168.1.225.
And, all pkts from 10.1.0.167 to 192.168.1.100 should still go to
192.168.1.100.
Here are the rules I setup.
[root@forwarder ~]# ip rule sh
0: from all lookup local
32765: from 10.1.0.166 lookup 225
32766: from all lookup main
32767: from all lookup default
[root@forwarder ~]# ip ro sh tab 225
192.168.1.0/24 via 192.168.1.225 dev eth1
The pkts still go to both .225 and .100. I checked on another machine
connected to the same switch as 192.168.1.100 and 192.168.1.225 and its not
receiving the pkts. So, it doesnt seem like the switch is screwing up and
broadcasting the packets everywhere.
I would appreciate any kind of help or pointers.
Thanks for your time.
-- pranav
------------------------------
http://pd.dnsalias.org
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Why don''t you use DNAT ?
The via address is supposed to be the address of nexthop router.
-----Original Message-----
From: lartc-bounces@mailman.ds9a.nl
[mailto:lartc-bounces@mailman.ds9a.nl] On Behalf Of Pranav Desai
Sent: Saturday, August 18, 2007 6:53 AM
To: lartc
Subject: [LARTC] Policy base forwarding issues
Hello All,
I am trying to setup a linux box as a forwarding router based of src IP.
The problem is that it does forward the pkts to the intended server
specified in the ip rule, but it also forwards it to the original dst
(dst specified in the pkt).
Here is the setup:
[10.1.0.166]
[192.168.1.225]
|
|
| [A]
[B] |
|-------[10.1.0.63/172.16.1.63] -----------
[172.16.1.64/192.168.1.65] ---------|
| linux box only has linux-router in
question |
| net.ipv4.ip_forward=1
|
|
|
[10.1.0.167]
[192.168.1.100]
A - is just a linux box doing forwarding for the 2 networks 10.1.x.x - >
172.16.1.x.
B - is the linux router which I want to setup as forwarding.
The pkts come from 10.1.0.166 and .167 -> to 192.168.1.100
<http://192.168.1.100>
I want to setup rules on [B] to forward all pkts with src addr.
10.1.0.166 to 192.168.1.225.
And, all pkts from 10.1.0.167 <http://10.1.0.167> to 192.168.1.100
should still go to 192.168.1.100.
Here are the rules I setup.
[root@forwarder ~]# ip rule sh
0: from all lookup local
32765: from 10.1.0.166 lookup 225
32766: from all lookup main
32767: from all lookup default
[root@forwarder ~]# ip ro sh tab 225
192.168.1.0/24 <http://192.168.1.0/24> via 192.168.1.225 dev eth1
The pkts still go to both .225 and .100. I checked on another machine
connected to the same switch as 192.168.1.100 and 192.168.1.225 and its
not receiving the pkts. So, it doesnt seem like the switch is screwing
up and broadcasting the packets everywhere.
I would appreciate any kind of help or pointers.
Thanks for your time.
-- pranav
------------------------------
http://pd.dnsalias.org
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Thanks for the reply. On 8/20/07, Salim S I <salim.si@cipherium.com.tw> wrote:> > Why don''t you use DNAT ? > > The via address is supposed to be the address of nexthop router. >I could, but on the receiving side we need the IP of the destination for testing some issue. Also, I have had some success with the setup. After setting the rules and routes with explicit devices i.e. ip rul add from 10.1.0.166 dev eth0 table 2 it seems to work a lot better. I will test it a bit more. -- Pranav -----Original Message-----> *From:* lartc-bounces@mailman.ds9a.nl [mailto: > lartc-bounces@mailman.ds9a.nl] *On Behalf Of *Pranav Desai > *Sent:* Saturday, August 18, 2007 6:53 AM > *To:* lartc > *Subject:* [LARTC] Policy base forwarding issues > > > > Hello All, > > I am trying to setup a linux box as a forwarding router based of src IP. > The problem is that it does forward the pkts to the intended server > specified in the ip rule, but it also forwards it to the original dst (dst > specified in the pkt). > > > Here is the setup: > > [10.1.0.166] > [192.168.1.225] > | > | > | [A] > [B] | > |-------[10.1.0.63/172.16.1.63] ----------- [ > 172.16.1.64/192.168.1.65] ---------| > | linux box only has linux-router in > question | > | net.ipv4.ip_forward=1 > | > > | > | > [10.1.0.167] > [192.168.1.100] > > > A - is just a linux box doing forwarding for the 2 networks 10.1.x.x - > > 172.16.1.x. > B - is the linux router which I want to setup as forwarding. > > The pkts come from 10.1.0.166 and .167 -> to 192.168.1.100 > I want to setup rules on [B] to forward all pkts with src addr. 10.1.0.166to > 192.168.1.225. > And, all pkts from 10.1.0.167 to 192.168.1.100 should still go to > 192.168.1.100. > > Here are the rules I setup. > > [root@forwarder ~]# ip rule sh > 0: from all lookup local > 32765: from 10.1.0.166 lookup 225 > 32766: from all lookup main > 32767: from all lookup default > > [root@forwarder ~]# ip ro sh tab 225 > 192.168.1.0/24 via 192.168.1.225 dev eth1 > > The pkts still go to both .225 and .100. I checked on another machine > connected to the same switch as 192.168.1.100 and 192.168.1.225 and its > not receiving the pkts. So, it doesnt seem like the switch is screwing up > and broadcasting the packets everywhere. > > I would appreciate any kind of help or pointers. > > Thanks for your time. > > -- pranav > > ------------------------------ > http://pd.dnsalias.org >-- ------------------------------ http://pd.dnsalias.org _______________________________________________ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc