
Re: [OT] Source Based Routing



Hi,

On 7/25/07, Bob Proulx <bob@proulx.com> wrote:
> Martin Marcher wrote:
> > I have a setup where I have a borderline box that has 5 public IP
> > addresses (this is for the sake of example: 192.0.2.8/29), all is
> > NATed to 10.200.10.0/24. Now the IP the provider uses as gateway is
> > 192.0.2.9 which makes me have 192.0.2.10-14 as a usable range.
>
> Uhm...  Five public IPs is normal for an 8 IP subnet.  But I don't
> understand your statement about NAT'ing them all to 10.200.10.0/24,
> especially since the ranges do not add up.  I am guessing you are
> sanitizing addresses (okay) and not quite getting things lined up
> right.

You are right, atm the IPs are 192.0.2.9-14 which are public

* 192.0.2.9 is used by our provider
* 192.0.2.10-14 are free for us to use

192.10.2.10 is the default outgoing route (where this physical box has
aliases for the other IPs too on the same interface)

The internal interface on this box has the IP 10.200.10.1 and serves
the rest of the range via DHCP where 10.200.10.1 is the gateway
address (that's what I meant by the network behind is NATed)

> > The default gateway on my borderline box is 192.10.2.10.10 which makes
>
> Hmm...  Check that address again.  It can't be a 40 bit address.  :-)

err yes :)

It was a bit late yesterday; as said above, 192.0.2.10 is the default
gateway on the borderline box.

> > all traffic from my network look like it came from this address which
> > was fine until now.
>
> Do you mean that you have NAT configured so that all clients appear
> to come from your gateway?

exactly

> > Say I want 10.200.10.50 to look like it came from 192.0.2.11 how do I do
> > that?
>
> Let me recommend using Shorewall for this.  There are a lot of
> packages that facilitate driving the Linux netfilter.  I like the
> Shorewall one best.  YMMV.
>
>   http://www.shorewall.net/NAT.htm
>
> I believe that page documents the configuration that you are wanting
> to create.  If nothing else it should be an additional reference.

Sounds like a good option; unfortunately I can only use it as a last
resort, since the box is an embedded box and not exactly Debian. It's
embcop but a standard x86 processor afaik and my boss is picky about
it. I'll look into Shorewall; heard a lot about it and mostly only good
stuff.


> > I found http://www.wlug.org.nz/SourceBasedRouting which seems to do
> > what I want the approach also seems easily extensible since I could
> > easily add more addresses to a certain routing table, or maybe even
> > add more routing tables so that I could use the full range as outgoing
> > IP addresses depending on the source IP address.
> >
> > Am I on the right track?
>
> Seemingly so far you seem to be on track to me.  Excepting the noted
> confusion about addresses.

Ah yea, OOC[1]-Segfault

martin

[1] Out Of Coffee
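An added example, not from the thread or from the wlug.org.nz page: a POSIX shell script that only prints the iproute2 and iptables commands for the mapping asked about above (10.200.10.50 appearing as 192.0.2.11, everyone else still as 192.0.2.10), and refuses public addresses outside the 192.0.2.10-14 range or malformed ones like the 40-bit typo. The interface name eth0 and routing table number 11 are assumptions.

```shell
#!/bin/sh
# Added example: emit the policy-routing and SNAT commands that map one
# internal host to one spare public address. Nothing here touches the
# kernel; review the printed lines, then run them as root.

WAN_IF=eth0            # interface carrying 192.0.2.10-14 (assumed name)
WAN_GW=192.0.2.9       # provider's gateway, as stated in the thread
LAN_NET=10.200.10.0/24 # the NATed internal network

# valid_ipv4 ADDR -> 0 if ADDR is exactly four dotted octets in 0..255
# (rejects e.g. "192.10.2.10.10")
valid_ipv4() {
    echo "$1" | awk -F. 'NF!=4{exit 1}
        {for(i=1;i<=4;i++) if($i!~/^[0-9]+$/ || $i>255) exit 1}'
}

# usable_public ADDR -> 0 only for 192.0.2.10..14: .8 is the network,
# .9 the provider's gateway, .15 the broadcast address
usable_public() {
    valid_ipv4 "$1" || return 1
    case "$1" in
        192.0.2.1[0-4]) return 0 ;;
        *) return 1 ;;
    esac
}

# map_host INTERNAL PUBLIC TABLE -> print the commands for one mapping
map_host() {
    lan=$1; pub=$2; tbl=$3
    valid_ipv4 "$lan" || { echo "bad internal address: $lan" >&2; return 1; }
    usable_public "$pub" || { echo "$pub is not a usable public IP" >&2; return 1; }
    # Source-based routing (the wlug.org.nz approach): packets from $lan
    # use their own table, whose default route prefers $pub as source.
    echo "ip route add default via $WAN_GW dev $WAN_IF src $pub table $tbl"
    echo "ip rule add from $lan lookup $tbl"
    # SNAT rewrites the private source; -I keeps it ahead of the catch-all.
    echo "iptables -t nat -I POSTROUTING -s $lan -o $WAN_IF -j SNAT --to-source $pub"
}

# catch_all PUBLIC -> the rest of the LAN keeps leaving as PUBLIC
catch_all() {
    echo "iptables -t nat -A POSTROUTING -s $LAN_NET -o $WAN_IF -j SNAT --to-source $1"
}

map_host 10.200.10.50 192.0.2.11 11
catch_all 192.0.2.10
```

Adding a second host is one more map_host call with its own table number; the catch-all rule stays last because the per-host rules are inserted at the top of the chain.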
