Re: [OT] Source Based Routing
Martin Marcher wrote:
> I have a setup where I have a borderline box that has 5 public IP
> Addresses (this is for the sake of example: 192.0.2.8/29), all is
> NATed to 10.200.10.0/24. Now the IP the provider uses as gateway is
> 192.0.2.9 which makes me have 192.0.2.10-14 as a usable range.
Uhm... Five public IPs is normal for an 8 IP subnet. But I don't
understand your statement about NAT'ing them all to 10.200.10.0/24,
especially since the ranges do not add up. I am guessing you are
sanitizing addresses (okay) and not quite getting things lined up
right.
> The default gateway on my borderline box is 192.10.2.10.10 which makes
Hmm... Check that address again. It can't be a 40 bit address. :-)
> all traffic from my network look like it came from this address which
> was fine until now.
Do you mean that you have NAT configured so that all clients appear
to come from your gateway?
> Say I want 10.200.10.50 to look like it came from 192.0.2.11 how do I do
> that?
Let me recommend using Shorewall for this. There are a lot of
packages that facilitate driving the Linux netfilter. I like the
Shorewall one best. YMMV.
http://www.shorewall.net/NAT.htm
I believe that page documents the configuration that you are wanting
to create. If nothing else it should be an additional reference.
> I found http://www.wlug.org.nz/SourceBasedRouting which seems to do
> what I want. The approach also seems easily extensible since I could
> easily add more addresses to a certain routing table, or maybe even
> add more routing tables so that I could use the full range as outgoing
> IP addresses depending on the source IP address.
>
> Am I on the right track?
Seemingly so far you seem to be on track to me. Excepting the noted
confusion about addresses.
> FYI: The purpose is that I want to have an outbound mail server and a
> separate inbound one. And I want to have them use 2 different IP
> Addresses - if you know a simpler approach to this (the constraint is
> to keep a single borderline box) I'm very much open to suggestions.
Seems reasonable.
Bob