Forcing a particular IP address out to an interface

Hi,

I have two machines, both running 2.6.{8,9} kernels

+-----left------+ +-----right-----+
| | | |
| 192.168.1.23 +-ppp0---+ 192.168.1.10 |
| 192.168.1.49 | | |
| 192.168.1.75 | | iptables masq |
| . . . . . . . | | to/from ppp0 |
| | | |
| 192.168.0.23 +-eth0---+ 192.168.0.10 |
| | | |
+---------------+ +---------------+

The 192.168.1.xxx are bound to the ppp0 connection (xxx.23 by the usual
pppd option, the 49/75 by using "ifconfig ppp0:0 ...49" and "ifconfig
ppp0:1 ...75"

What I want (for testing purposes) is when I
nick@left $ ping 192.168.1.49
I want the ping packets to travel to eth0, to 'right', and 'right' will
forward over ppp0 back to 'left'. Similar for ...23 and ...75

However the result is I get very short ping times, making me suspect
that it stayed entirely within the machine.
nick@left $ telnet 192.168.1.49 80 ## I have a web server
and
nick@left $ netstat -a -n | grep -w 80
gives
source = 192.168.1.49:<random_port>
destin = 192.168.1.49:80

What I like to see
source = 192.168.1.10:<random_port> (ie masq'd from 'right')
destin = 192.168.1.49:80


====================
Question:
====================
How do I force the packets for 192.168.1.xxx out over eth0?

What I tried so far:
root@left $ route add -host 192.168.1.49 gw 192.168.0.10
seems to have no effect
nick@left $ route -n
gives a default route to 192.168.0.10 (as intended)
nick@right $ route -n
gives a default route to 192.168.1.23 (as intended, via ppp)


====================
Notes:
====================
1. If I had 3 machines, I'd use them!
(left)--eth0--(right)--ppp0--(extra)
2. It seems I could use vmware, or I can use iptables/DNAT, but are
there any easier approaches?

Nick Bishop
-----
email replies ignored
-----
Proposed additions to the PDP11 instruction set:
GWN Generate Whining Noise
FDP Fill Desk with Paper
TT Tangle Threads
-oOo-

(E-Mail Removed) wrote:
>Hi,
>
>I have two machines, both running 2.6.{8,9} kernels
>
> +-----left------+ +-----right-----+
> | | | |
> | 192.168.1.23 +-ppp0---+ 192.168.1.10 |
> | 192.168.1.49 | | |
> | 192.168.1.75 | | iptables masq |
> | . . . . . . . | | to/from ppp0 |
> | | | |
> | 192.168.0.23 +-eth0---+ 192.168.0.10 |
> | | | |
> +---------------+ +---------------+
>
>The 192.168.1.xxx are bound to the ppp0 connection (xxx.23 by the usual
>pppd option, the 49/75 by using "ifconfig ppp0:0 ...49" and "ifconfig
>ppp0:1 ...75"
>
>What I want (for testing purposes) is when I
> nick@left $ ping 192.168.1.49

That is pinging a IP address assigned to an interface on
that host. The actual path is *guaranteed* not to go anywhere
near either of the two interfaces shown! It will be routed
to the lo interface! (On an idle system, run ifconfig then
ping an interface, and run ifconfig again to compare the
packet counts on various interfaces, and you'll see that the
lo device is the one which was incremented.)

>I want the ping packets to travel to eth0, to 'right', and 'right' will
>forward over ppp0 back to 'left'. Similar for ...23 and ...75

Can't be done for an IP address assigned to a NIC on the same
host.

--
Floyd L. Davidson <http://www.apaflo.com/floyd_davidson>
Ukpeagvik (Barrow, Alaska) (E-Mail Removed)

On Tue, 11 Oct 2005 23:08:54 -0800, (E-Mail Removed) (Floyd L. Davidson) wrote:

>
>>I want the ping packets to travel to eth0, to 'right', and 'right' will
>>forward over ppp0 back to 'left'. Similar for ...23 and ...75
>
>Can't be done for an IP address assigned to a NIC on the same
>host.

Unless OP resorts to some nasty sub-net routing, anything's possible,
but, I wonder, why?

Grant.

Grant <g_r_a_n_t_@dodo.com.au> wrote:
>On Tue, 11 Oct 2005 23:08:54 -0800, (E-Mail Removed) (Floyd L. Davidson) wrote:
>
>>
>>>I want the ping packets to travel to eth0, to 'right', and 'right' will
>>>forward over ppp0 back to 'left'. Similar for ...23 and ...75
>>
>>Can't be done for an IP address assigned to a NIC on the same
>>host.
>
>Unless OP resorts to some nasty sub-net routing, anything's possible,
>but, I wonder, why?

It never gets anywhere near the route table though. If the IP
address is assigned to an interface on the host, it goes to the
lo device regardless of what is in the route table.

--
Floyd L. Davidson <http://www.apaflo.com/floyd_davidson>
Ukpeagvik (Barrow, Alaska) (E-Mail Removed)

Floyd L. Davidson wrote:

> It never gets anywhere near the route table though. If the IP
> address is assigned to an interface on the host, it goes to the
> lo device regardless of what is in the route table.

As they would say in New Zealand, BUGGER.

Next approach: pretend that the ppp0 interface on the 'left' box has IP
addresses:
192.168.3.xx, and use iptables to mangle the destination address of
the packet somewhere along its route.

1. Therefore on left, I ping 192.168.3.23.
2. It will route out to 'right', via eth0
3. when right receives the packet, it will forward to the ppp0
connection, courtesy of its default route (we also have masquerading
here, changes source addr to 192.168.1.10)
4. in 'left', I will have to use iptables to mangle the incoming
packet to alter the destination address to 192.168.1.23

It requires I use something like (please excuse syntax):
iptables -t nat -A PREROUTING -i ppp+ --dst 192.168.3.23 -j DNAT
--todestination-addr 192.168.1.23

I already tried mangling the outgoing packet on left using
iptables -t nat -A OUTPUT --dst 192.168.3.23 -j DNAT
--todestination-addr 192.168.1.23
but I ran into the same razor.

Nick Bishop, email replies ignored.
-----
Position vacant: suicide bomber.
Previous experience essential.
-oOo-