
Re: Route looping through local host.



	Hello,

On Tue, 21 Aug 2007, Grant Taylor wrote:

> I want to be able to take traffic in from a local LAN on eth0 and route 
> it out eth1 to a default gateway with a static IP.  I want said default 
> gateway with the static IP to be assigned to eth2.  I then want to route 
> and masquerade traffic that came in eth2 out eth3.
> 
> (Enter ASCII art)
> 
> --------------+
>    Context 0   |
>         +------+      +-----------+
>     +---+ eth0 |------+ Local LAN |
>     |   +------+      +-----------+
>     |          |
>     |   +------+
>     +---+ eth1 +---+
>         +------+   |
>                |   |
> ==============|===|===
>    Context 1   |   |
>         +------+   |
>     +---+ eth2 +---+
>     |   +------+
>     |          |
>     |   +------+      +----------+
>     +---+ eth3 +------+ Internet |
>         +------+      +----------+
>                |
> --------------+
> 
> I want the "router" in context 0 to effectively (for the sake of 
> discussion) do basic static NAT routing for the local LAN.  This router 
> will have two static IP addresses, LAN facing and upstream router facing.
> 
> I want the "router" in context 1 to effectively (for the sake of 
> discussion) do basic MASQUERADing for the equipment behind it.  This 
> router will have one static IP facing the LAN and one dynamic IP facing 
> its upstream provider.
> 
> I have followed Julian Anastasov's directions 
> (http://www.ssi.bg/~ja/send-to-self.txt) and applied his Send-to-Self 
> patch (http://www.ssi.bg/~ja/send-to-self-2.6.22-1.diff) to a stock 
> 2.6.22 kernel and I am able to ping the IP address assigned to eth2 from 
> eth1 without any problems.  However I don't think Julian's patch covers 
> routing traffic through (not terminating at or originating locally) the 
> crossover cable.

	Yes, the patch works for output routes only. Maybe you can try
to forward traffic with ip rules with the iif parameter. Make sure you have
rules and routes for both directions. Of course, there must be some
IP addresses because routes work only for devices with IPs. SNAT should
be able to assign a non-local external IP address, which is not possible for
MASQUERADE, so you have to use SNAT everywhere. That is, don't configure the
SNAT addresses. Then you should not see local IPs in the traffic. Not sure
about other pitfalls.

Regards

--
Julian Anastasov <ja@xxxxxx>
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
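The layout Julian's reply sketches (one iif-based rule and one routing table per "context", routes in both directions, explicit SNAT with a source address that is not configured on any local interface instead of MASQUERADE), as an added example that is not part of the thread. The interface names follow the ASCII art; every address, the table numbers, the `WAN_IP`/`WAN_GW` values and the rp_filter precaution are assumptions for illustration, and the script does not address how the crossover hop itself is made to pass through the host, which is what the send-to-self discussion is about. Setting `DRY_RUN=1` prints the commands instead of running them, so the rule set can be reviewed before it is applied as root.

```shell
#!/bin/sh
# Added example (not from the thread): two emulated routers on one host,
# selected by incoming interface with policy routing, with explicit SNAT.
# All addresses below are assumed.
LAN_IF=eth0; LAN_NET=192.168.0.0/24
X0_IF=eth1;  X0_IP=10.0.0.1          # context 0 end of the crossover cable
X1_IF=eth2;  X1_IP=10.0.0.2          # context 1 end of the crossover cable
X0_SNAT=10.0.0.3                     # assumed: on the crossover subnet but NOT configured locally
WAN_IF=eth3
WAN_IP=${WAN_IP:-203.0.113.10}       # assumed: current provider-assigned address of eth3
WAN_GW=${WAN_GW:-203.0.113.1}        # assumed: provider gateway
T0=100; T1=101                       # assumed routing table numbers

# With DRY_RUN set, print each command instead of executing it.
run() { if [ -n "${DRY_RUN:-}" ]; then echo "$*"; else "$@"; fi; }

configure() {
  run sysctl -w net.ipv4.ip_forward=1
  # Precaution (assumed): strict reverse-path filtering can drop packets whose
  # return route lives in a different table than the one the kernel checks.
  run sysctl -w net.ipv4.conf."$X0_IF".rp_filter=0
  run sysctl -w net.ipv4.conf."$X1_IF".rp_filter=0

  # Context 0: anything arriving on eth0 or eth1 is routed with table 100.
  run ip rule add iif "$LAN_IF" lookup "$T0" priority 100
  run ip rule add iif "$X0_IF"  lookup "$T0" priority 101
  run ip route add "$LAN_NET" dev "$LAN_IF" table "$T0"
  run ip route add default via "$X1_IP" dev "$X0_IF" table "$T0"

  # Context 1: anything arriving on eth2 or eth3 is routed with table 101.
  # The LAN route is the return path; the default route is the upstream.
  run ip rule add iif "$X1_IF"  lookup "$T1" priority 102
  run ip rule add iif "$WAN_IF" lookup "$T1" priority 103
  run ip route add "$LAN_NET" via "$X0_IP" dev "$X1_IF" table "$T1"
  run ip route add default via "$WAN_GW" dev "$WAN_IF" table "$T1"

  # SNAT on both hops, never MASQUERADE: context 0 rewrites LAN sources to an
  # address that is not local to the host, so the crossover traffic carries no
  # local IP; context 1 rewrites to the upstream address on the way out.
  run iptables -t nat -A POSTROUTING -o "$X0_IF" -s "$LAN_NET" \
      -j SNAT --to-source "$X0_SNAT"
  run iptables -t nat -A POSTROUTING -o "$WAN_IF" -j SNAT --to-source "$WAN_IP"
}

# Show what the kernel ended up with (useful after a real run).
show() {
  run ip rule show
  run ip route show table "$T0"
  run ip route show table "$T1"
  run iptables -t nat -L POSTROUTING -n -v
}

if [ "${1:-}" = "apply" ]; then configure; show; fi
```

Run it as `DRY_RUN=1 sh script.sh apply` to review the rule set, then as root without `DRY_RUN` to apply it. The rules are matched by `iif` only, so locally generated traffic (which has no incoming interface) still falls through to the main table; that is consistent with the reply's remark that the patch covers output routes while forwarded traffic needs its own rules.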
