cross routing

 
 
Pascal Bourguignon

 
      06-10-2004, 02:50 AM

Here is my problem:

                            2.2.2.1 +--------------+
          Internet------------------| Remote Linux |
               |                    +--------------+
               |                           |
               |                           |
               |                   VPN via Internet
               |                           |
               |                           | 2.2.2.129
        +-------------+             +-------------+
        | ADSL Router |             | Local Linux |
        +-------------+             +-------------+
               | 1.1.1.1                   | 1.1.1.2
---------------+---------------+-----------+--------
                               | 2.2.2.130
                          +----------+
                          | Local WS |
                          +----------+


I've got a local LAN with a few public IP (1.1.1.*),
and a remote LAN with other public IP (2.2.2.128/25).

On the local LAN, I've got some workstation on a subnet of the remote
LAN (a range 2.2.2.128/25), this subnet is bridged thru a VPN between
the "Local Linux" box and the "Remote Linux" box.

The problem is how to set up the "Local Linux" box so as to route
packages coming from the local 2.2.2.128/25 range to "Remote Linux"
via the VPN, while at the same time keeping the default route for this
"Local Linux" thru the 1.1.1.1 ADSL Router (the local Internet
connection)?

The local (1.1.1.*) traffic should be routed locally, while the remote
range (2.2.2.128/25) should be routed thru the VPN.



On "Local Linux" I tried:

route default gw 1.1.1.1
iptables -A FORWARD --source 2.2.2.128/25 -o ppp0

but it seems that -o only "selects" the packets and does not modify
their routing.

I would like to specify that packets coming from 2.2.2.128/25 should
be routed to 2.2.2.1 (ie. via the ppp0 VPN interface), and packets
coming from other IP (including generated locally) should be routed
normally (with the default to 1.1.1.1). How can I do that?


--
__Pascal_Bourguignon__ http://www.informatimago.com/
There is no worse tyranny than to force a man to pay for what he doesn't
want merely because you think it would be good for him.--Robert Heinlein
http://www.theadvocates.org/
 
David Efflandt

 
      06-11-2004, 12:33 AM
On 10 Jun 2004, Pascal Bourguignon <(E-Mail Removed)> wrote:
>
> Here is my problem:
>
>                             2.2.2.1 +--------------+
>           Internet------------------| Remote Linux |
>                |                    +--------------+
>                |                           |
>                |                           |
>                |                   VPN via Internet
>                |                           |
>                |                           | 2.2.2.129
>         +-------------+             +-------------+
>         | ADSL Router |             | Local Linux |
>         +-------------+             +-------------+
>                | 1.1.1.1                   | 1.1.1.2
> ---------------+---------------+-----------+--------
>                                | 2.2.2.130
>                           +----------+
>                           | Local WS |
>                           +----------+
>
>
> I've got a local LAN with a few public IP (1.1.1.*),
> and a remote LAN with other public IP (2.2.2.128/25).
>
> On the local LAN, I've got some workstation on a subnet of the remote
> LAN (a range 2.2.2.128/25), this subnet is bridged thru a VPN between
> the "Local Linux" box and the "Remote Linux" box.
>
> The problem is how to set up the "Local Linux" box so as to route
> packages coming from the local 2.2.2.128/25 range to "Remote Linux"
> via the VPN, while at the same time keeping the default route for this
> "Local Linux" thru the 1.1.1.1 ADSL Router (the local Internet
> connection)?
>
> The local (1.1.1.*) traffic should be routed locally, while the remote
> range (2.2.2.128/25) should be routed thru the VPN.


Just curious if proxy arp would work for a vpn? In other words if route
for ipsec0 covered 2.2.2.128/25 and assuming eth0 is 2.2.2.1, would eth0
answer for ipsec0 IPs, assuming that iptables allowed it and:

echo "1" > /proc/sys/net/ipv4/conf/eth0/proxy_arp

I enable proxy_arp on /24 eth0 LAN interface, so main LAN does not need a
gateway to find /29 wireless subnet on eth1 (eth0 answers arp for eth1
IPs). But I have not tried proxy_arp for a vpn.

--
David Efflandt - All spam ignored http://www.de-srv.com/
 
 
Antoine EMERIT

 
      06-12-2004, 10:33 AM
Pascal Bourguignon <(E-Mail Removed)> wrote
news:(E-Mail Removed):

> The local (1.1.1.*) traffic should be routed locally, while the remote
> range (2.2.2.128/25) should be routed thru the VPN.


> route default gw 1.1.1.1

add
route add -net 2.2.2.0 netmask 255.255.255.0 gw <local vpn ip>

where <local vpn ip> should be the ip of the ppp0 device (or the local ip
of any vpn device).

> iptables -A FORWARD --source 2.2.2.128/25 -o ppp0


Filtering, and so iptables, is not involved in this process.

You may also have a look at iproute2, but it would be much too complicated
to solve your "simple" routing problem.


Regards
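
The iproute2 approach mentioned in the reply above, written out for this thread's topology as an added example (not posted by any participant in the thread). Table number 100, the rule priorities 900/1000 and the 1.1.1.0/24 LAN prefix are assumptions; the commands are only printed unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example: source-based (policy) routing with iproute2.
# Assumed values: table 100, priorities 900/1000, LAN prefix 1.1.1.0/24.
# Prints the commands by default; run as root with APPLY=1 to execute them.

# Accept only a dotted-quad/prefix-length string before it reaches a root-run command.
valid_cidr() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$' || return 1
    old_ifs=$IFS; IFS=./; set -- $1; IFS=$old_ifs
    for octet in "$1" "$2" "$3" "$4"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Echo the command (dry run) or execute it.
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

# policy_route SRC_CIDR VPN_GW VPN_DEV LAN_CIDR
policy_route() {
    src=$1; gw=$2; dev=$3; lan=$4; table=100
    valid_cidr "$src" && valid_cidr "$lan" || { echo "bad prefix" >&2; return 1; }
    # A separate table whose only entry is a default route into the VPN.
    run ip route add default via "$gw" dev "$dev" table "$table"
    # Destinations on the local LAN keep using the main table.
    run ip rule add to "$lan" lookup main priority 900
    # Anything else sourced from the remote-LAN range is looked up in the VPN table.
    run ip rule add from "$src" lookup "$table" priority 1000
    # All other traffic, including locally generated packets, falls through
    # to the main table and its default route via 1.1.1.1.
}

policy_route 2.2.2.128/25 2.2.2.1 ppp0 1.1.1.0/24
```

`ip rule show` and `ip route show table 100` list the result after applying it.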


 