policy-based routing and NAT with iptables
Florian Pressler
      02-19-2005, 01:45 AM
Hi!

I am trying to set up policy-based routing under Linux with iptables and ip
route. I have two internet connections with one public IP each, and I
have a local network which is to be NATed onto those two IPs (which one
of those should depend on the port number).

I have created two routing tables with one default route each. I have
configured iptables so that packets with certain port numbers are marked.
Those marked packets should be looked up in the second routing table.

It all works wonderfully, with one exception: the packets *which are
marked* are not translated *back* by iptables' NAT. I checked it with
tcpdump: the packets are routed correctly. They are separated by
port number and sent out on both external interfaces. They are also
NATed correctly to the different IPs. They come back as they should,
but only the packets which arrive at the "main" entry (those that had not been
marked) are translated back and sent to the internal interface.

The point is that there doesn't seem to be an error in the
NAT configuration, because when I swap the rules (which define which
routing table is to be looked up), it works (and fails) exactly the other way
round. I do not touch the NAT rules themselves in this process.

Can anybody give me a hint as to what the problem could be? Probably I should
have a look at the state machine of the different NATs (how?); what
would you say?

regards,
Florian

PS: a little config snippet:

# packets are classified with
iptables -t mangle -A PREROUTING -m multiport -p tcp --dport 80,22 -j MARK --set-mark 2

hostname:/home/airflow# ip rule show
0: from all lookup local
10: from all lookup main
15: from all fwmark 2 lookup aon
20: from all lookup default

hostname:/home/airflow# ip route list table default
default via 84.113.191.1 dev eth0
hostname:/home/airflow# ip route list table aon
default dev ppp0 scope link

# nat-configuration
iptables -t nat -A POSTROUTING -o eth0 -s 172.21.31.0/24 -j SNAT --to x.y.z.a
iptables -t nat -A POSTROUTING -o ppp0 -s 172.21.31.0/24 -j MASQUERADE

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
SNAT all -- hetzendorf.local/24 anywhere to:x.y.z.a
MASQUERADE all -- hetzendorf.local/24 anywhere

--
Homepage: http://fp.ath.cx/ PGP-keyID: C9FEDBA2
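Added example, not part of Florian's post: a small Python simulation of the policy-routing lookup that his `ip rule` set performs, so the effect of rule priority on marked packets can be checked without a live box. The rules and the `aon` and `default` tables are taken from the snippet above; the contents of tables `main` and `local` are not shown in the post and are assumed here (a LAN connected route on an interface named `eth1`, and an empty `local` table). The example also shows what happens if `main` acquires a default route: rule 10 is consulted before the fwmark rule at 15, so marked traffic would never reach table `aon`.

```python
"""Simulate Linux policy-routing rule evaluation (added example, not the
poster's code). Rules and the 'aon'/'default' tables come from the post;
'main' and 'local' are assumed."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class Route:
    prefix: ipaddress.IPv4Network   # 'default' is represented as 0.0.0.0/0
    dev: str
    via: Optional[str] = None


@dataclass
class Rule:
    priority: int
    table: str
    fwmark: Optional[int] = None    # None means the rule matches any mark


def parse_rules(text):
    """Parse 'ip rule show' lines such as '15: from all fwmark 2 lookup aon'."""
    rules = []
    for line in text.strip().splitlines():
        prio, _, rest = line.partition(":")
        toks = rest.split()
        fwmark = None
        if "fwmark" in toks:
            # newer iproute2 prints marks as hex (0x2); int(..., 0) accepts both
            fwmark = int(toks[toks.index("fwmark") + 1], 0)
        table = toks[toks.index("lookup") + 1]
        rules.append(Rule(int(prio), table, fwmark))
    return sorted(rules, key=lambda r: r.priority)


def parse_table(text):
    """Parse 'ip route list table X' lines such as 'default via 1.2.3.4 dev eth0'."""
    routes = []
    for line in text.strip().splitlines():
        toks = line.split()
        if not toks:
            continue
        prefix = "0.0.0.0/0" if toks[0] == "default" else toks[0]
        dev = toks[toks.index("dev") + 1]
        via = toks[toks.index("via") + 1] if "via" in toks else None
        routes.append(Route(ipaddress.ip_network(prefix, strict=False), dev, via))
    return routes


def lookup(table, dst):
    """Longest-prefix match inside one table; None if nothing matches."""
    best = None
    for r in table:
        if dst in r.prefix and (best is None or r.prefix.prefixlen > best.prefix.prefixlen):
            best = r
    return best


def select_route(rules, tables, dst, fwmark=0):
    """Walk rules by priority. The first rule whose selector matches AND whose
    table yields a route wins; a table without a matching route falls through."""
    dst = ipaddress.ip_address(dst)
    for rule in rules:
        if rule.fwmark is not None and rule.fwmark != fwmark:
            continue
        route = lookup(tables.get(rule.table, []), dst)
        if route is not None:
            return rule.table, route.dev
    return None, None


# Constructed from the post's 'ip rule show' output.
RULES = parse_rules("""
0: from all lookup local
10: from all lookup main
15: from all fwmark 2 lookup aon
20: from all lookup default
""")

# 'aon' and 'default' are from the post; 'main' and 'local' are assumptions.
TABLES = {
    "local": parse_table(""),                          # assumed empty
    "main": parse_table("172.21.31.0/24 dev eth1"),    # assumed: LAN only, no default
    "aon": parse_table("default dev ppp0 scope link"),
    "default": parse_table("default via 84.113.191.1 dev eth0"),
}


def main_default_swallows_mark():
    """Same rules, but 'main' now also carries a default route (hypothetical):
    rule 10 matches first, so mark 2 never reaches table 'aon'."""
    tables = dict(TABLES)
    tables["main"] = parse_table("172.21.31.0/24 dev eth1\ndefault via 84.113.191.1 dev eth0")
    return select_route(RULES, tables, "1.2.3.4", fwmark=2)


if __name__ == "__main__":
    print("mark 2, internet:", select_route(RULES, TABLES, "1.2.3.4", fwmark=2))
    print("mark 0, internet:", select_route(RULES, TABLES, "1.2.3.4"))
    print("mark 2, LAN:     ", select_route(RULES, TABLES, "172.21.31.5", fwmark=2))
    print("main has default:", main_default_swallows_mark())
```

With the tables as assumed, marked internet-bound packets leave via `ppp0` (table `aon`) and unmarked ones via `eth0` (table `default`), which matches what the tcpdump observation in the post describes for the outbound direction; LAN destinations always resolve in `main` regardless of mark. The simulation covers only the forward route selection, not connection tracking or the reverse-path filter, so it cannot by itself explain why the replies on the second uplink are not un-NATed.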