Re: iptables problem with multible routes

To: debian-firewall@lists.debian.org
Subject: Re: iptables problem with multible routes
From: mlist-debianfirewall@x-tec.de
From: "Uwe A. P. Wuerdinger" <wuerdinger@x-tec.de>
Date: Fri, 05 Jul 2002 12:36:12 +0200
Message-id: <[🔎] 3D25769C.7010204@x-tec.de>
References: <[🔎] 3D25707F.8020002@x-tec.de> <20020705100805.GT31085@virus.home>

Jean Christophe ANDRÃ0/00 wrote:

mlist-debianfirewall@x-tec.de écrivait :

The packed got routed out to eth1, as expected but has the Source IP of
ppp0. What can I do to get that packets the right source IP for eth1


Check your NAT rule: you probably need to precise the output interface as
"-o ppp0" to only NAT when it goes thought the DSL line.

NOP that would break the NATing of the internal traffic that should goout to eth1:


iptables -t mangle -I PREROUTING 4 -p tcp -i eth0 --dport 22 \
-j MARK --set-mark 0x01



To clear things up a bit

most traffic from 192.168.x.x gets NATed and goes out to ppp0
some traffic from 192.168.x.x gets Nated and goes out to eth1

FW local traffic like SMTP, DOMAIN, SSH, IPv6 (6 in 4) tunnle doesn'tneeds NAT and should go to eth1.

When I use the -t mangle OUTPUT to mark the packets so that the use the
default route on eth1 they go out on eth1 put with the source IP of ppp0

Regards, J.C.



greets Uwe
--
X-Tec GmbH
Institute for Computer and Network Security
WWW : http://www.x-tec.de/



--
To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

Follow-Ups:
- Re: iptables problem with multible routes
  - From: Jean Christophe ANDRÃ? <jean-christophe.andre@auf.org>

References:
- iptables problem with multible routes
  - From: mlist-debianfirewall@x-tec.de

Prev by Date: 563 port
Next by Date: Re: 563 port
Previous by thread: iptables problem with multible routes
Next by thread: Re: iptables problem with multible routes
Index(es):
- Date
- Thread