Routing with iptables

I have iptables as router and i would like to redirect all traffic from my
lan computer (that gets its own external ip by iptables on outgoing
connections) to make external gateway loop when i connect to my other
external ip that is routed to another computer in same lan.(wow, thats along
sentence) Now iptables automatically routes from one internal ip to another,
even if i connect to my other computer using its external ip.
How should i write iptables to make that happen?

Thx, J.

On Tue, 24 Mar 2009 14:45:45 +0100, Jozza wrote:

> I have iptables as router and i would like to redirect all traffic from
> my lan computer (that gets its own external ip by iptables on outgoing
> connections) to make external gateway loop when i connect to my other
> external ip that is routed to another computer in same lan.(wow, thats
> along sentence) Now iptables automatically routes from one internal ip
> to another, even if i connect to my other computer using its external
> ip. How should i write iptables to make that happen?
>
> Thx, J.

JFGI. STFW.


--
"Ubuntu" -- an African word, meaning "Slackware is too hard for me".
Need help?: http://brandybuck.site40.net/pics/ubuntu.jpg
The Usenet Improvement Project: http://improve-usenet.org
Ahhhhhhhh!: http://brandybuck.site40.net/pics/relieve.jpg

"Dan C" <(E-Mail Removed)> wrote in message
news(E-Mail Removed)...
> On Tue, 24 Mar 2009 14:45:45 +0100, Jozza wrote:
>
>> I have iptables as router and i would like to redirect all traffic from
>> my lan computer (that gets its own external ip by iptables on outgoing
>> connections) to make external gateway loop when i connect to my other
>> external ip that is routed to another computer in same lan.(wow, thats
>> along sentence) Now iptables automatically routes from one internal ip
>> to another, even if i connect to my other computer using its external
>> ip. How should i write iptables to make that happen?
>>
>> Thx, J.
>
> JFGI. STFW.
>
>
> --
> "Ubuntu" -- an African word, meaning "Slackware is too hard for me".
> Need help?: http://brandybuck.site40.net/pics/ubuntu.jpg
> The Usenet Improvement Project: http://improve-usenet.org
> Ahhhhhhhh!: http://brandybuck.site40.net/pics/relieve.jpg


Aha, i see ... Could you elaborate on that more?

Jozza <(E-Mail Removed)> wrote:
> I have iptables as router and i would like to redirect all traffic from my
> lan computer (that gets its own external ip by iptables on outgoing
> connections) to make external gateway loop when i connect to my other
> external ip that is routed to another computer in same lan.(wow, thats along
> sentence) Now iptables automatically routes from one internal ip to another,
> even if i connect to my other computer using its external ip.
> How should i write iptables to make that happen?

I think you will probably get more (useful) help if you reconsider what
it is you're trying to ask, and put it into simpler, more coherent,
sentences. I, for one, can't see what on earth you're trying to achieve.

Chris

On Tue, 24 Mar 2009 15:05:44 +0100, Jozza wrote:

>>> I have iptables as router and i would like to redirect all traffic
>>> from my lan computer (that gets its own external ip by iptables on
>>> outgoing connections) to make external gateway loop when i connect to
>>> my other external ip that is routed to another computer in same
>>> lan.(wow, thats along sentence) Now iptables automatically routes from
>>> one internal ip to another, even if i connect to my other computer
>>> using its external ip. How should i write iptables to make that
>>> happen?

>> JFGI. STFW.

> Aha, i see ... Could you elaborate on that more?

No. It's already completely answered.

Besides, I only help Outhouse-Excuse-using trolls with 3rd-grade level
grammar once. It's a strict rule that I have. Have fun.


--
"Ubuntu" -- an African word, meaning "Slackware is too hard for me".
Need help?: http://brandybuck.site40.net/pics/ubuntu.jpg
The Usenet Improvement Project: http://improve-usenet.org
Ahhhhhhhh!: http://brandybuck.site40.net/pics/relieve.jpg

"Jozza" <(E-Mail Removed)> wrote in message
news:gqao88$pce$(E-Mail Removed)...
>
> I have iptables as router and i would like to redirect all traffic from my
> lan computer (that gets its own external ip by iptables on outgoing
> connections) to make external gateway loop when i connect to my other
> external ip that is routed to another computer in same lan.(wow, thats
> along sentence) Now iptables automatically routes from one internal ip to
> another, even if i connect to my other computer using its external ip.
> How should i write iptables to make that happen?
>
> Thx, J.
>
>

Its like this:

computer A (192.168.0.1) external ip 10.10.10.1 set by router with
$iptables -t nat -A POSTROUTING -s 192.168.0.1/32 -j SNAT --to 10.10.10.1

computer B (192.168.0.2) default external ip 10.10.10.2 set by router with
$iptables -t nat -A POSTROUTING -s 192.168.0.1/24 -j SNAT --to 10.10.10.2

router C with two interfaces (internal 192.168.0.3 and 10.10.10.2 external)
has external gateway 10.10.10.3

When A calls B by its external ip 10.10.10.2, i want to make the router to
send call over 10.10.10.3 gateway instead of directly to A's internal ip,
because by current settings, probably this one
$iptables -t nat -A PREROUTING -d 10.10.10.1 -j DNAT --to 192.168.0.1

it figures out that it can directly send call to internal network

I hope this is more clear

J.

"Dan C" <(E-Mail Removed)> wrote in message
news(E-Mail Removed)...
> On Tue, 24 Mar 2009 15:05:44 +0100, Jozza wrote:
>
>>>> I have iptables as router and i would like to redirect all traffic
>>>> from my lan computer (that gets its own external ip by iptables on
>>>> outgoing connections) to make external gateway loop when i connect to
>>>> my other external ip that is routed to another computer in same
>>>> lan.(wow, thats along sentence) Now iptables automatically routes from
>>>> one internal ip to another, even if i connect to my other computer
>>>> using its external ip. How should i write iptables to make that
>>>> happen?
>
>>> JFGI. STFW.
>
>> Aha, i see ... Could you elaborate on that more?
>
> No. It's already completely answered.
>
> Besides, I only help Outhouse-Excuse-using trolls with 3rd-grade level
> grammar once. It's a strict rule that I have. Have fun.
>
>
> --
> "Ubuntu" -- an African word, meaning "Slackware is too hard for me".
> Need help?: http://brandybuck.site40.net/pics/ubuntu.jpg
> The Usenet Improvement Project: http://improve-usenet.org
> Ahhhhhhhh!: http://brandybuck.site40.net/pics/relieve.jpg

Ok, Dan

you are probably having some other issues at the moment...did you recently
see some hard-to-take-as-truth documentary?

Jozza <(E-Mail Removed)> wrote:
> computer A (192.168.0.1) external ip 10.10.10.1 set by router with
> $iptables -t nat -A POSTROUTING -s 192.168.0.1/32 -j SNAT --to 10.10.10.1

OK, so you want to present [A] with source IP address 10.10.10.1


> computer B (192.168.0.2) default external ip 10.10.10.2 set by router with
> $iptables -t nat -A POSTROUTING -s 192.168.0.1/24 -j SNAT --to 10.10.10.2

In the context of your definition for [A], I'm not sure this makes
sense. Did you mean this instead?

computer B (192.168.0.2) default external ip 10.10.10.2 set by router with
$iptables -t nat -A POSTROUTING -s 192.168.0.2 -j SNAT --to 10.10.10.2


> router C with two interfaces (internal 192.168.0.3 and 10.10.10.2 external)
> has external gateway 10.10.10.3

If [C] has its external IP address as 10.10.10.2, how are you going to
differentiate inbound packets destined for [B] vs [C]?

What's the netmask for your 10.10.10.x network? I'll assume it's somewhere
between /8 and /24...


> When A calls B by its external ip 10.10.10.2, i want to make the router to
> send call over 10.10.10.3 gateway instead of directly to A's internal ip,

I don't think you can do that. 10.10.10.0/24 is attached to the external
interface of the router, so at best the router would attempt to route it
out and back again via its own external interface. In all probability
this will break and fail to work at all. (Many devices struggle with
double NAT on the same interface.)


> because by current settings, probably this one
> $iptables -t nat -A PREROUTING -d 10.10.10.1 -j DNAT --to 192.168.0.1

This handles inbound packets for [A], not for [B].

Chris