[ILUG] Routing.
Mark Kilmartin
mrk at renre-europe.com
Tue Jan 15 18:26:07 GMT 2002
It is IPtables I'm using.
I have the NAT working on incoming packets.
The following works.
Somebody connects to d.e.f.1
This is NATed to 192.168.0.1
The replies from the server are NATed to d.e.f.1 and routed over the
interface that connects to d.e.f.x.
This is perfect, exactly what I want.
On the other hand, if I connect to a.b.c.1
This is NATed to 192.168.0.1
Correct so far.
The replies from the server are NATed to a.b.c.1
Also correct.
But these packets are now sent over the interface connected to d.e.f.x
instead of the interface connected to a.b.c.x.
Note the default route is set for d.e.f.x.
Mark
On Tue, 2002-01-15 at 18:08, Martin Feeney wrote:
> On Tue, 15 Jan 2002 16:41:18 Mark Kilmartin wrote:
>
> > I'm still having the same problem: packets arrive on one interface but
> > try to return on another interface (the default route).
>
> Sorry, misread your email. The problem is with your firewall rules.
>
> Are you using iptables or ipchains? What are the rules your firewall
> builder churns out for you?
>
> What you need for port forwarding is something like:
>
> iptables -A PREROUTING -t nat -p tcp -d d.e.f.1 --dport 80 -j DNAT \
> --to 192.168.0.8:80
>
> for iptables.
>
> You can check this via "iptables -t nat -L -n".
>
> It's a little more complicated if you're using ipchains. If you're using
> a firewall builder, I'd advise switching to iptables if the firewall
> builder supports it.
>
> Essentially you have to exclude port 80 communication from the internal
> host being masqueraded by ipchains so that ipmasqadm can pick it up
> properly.
>
> iptables is nicer as it's all one mechanism and the PREROUTING chain is
> executed before anything else.
>
> Martin.
>
> --
> Irish Linux Users' Group: ilug at linux.ie
> http://www.linux.ie/mailman/listinfo/ilug for (un)subscription information.
> List maintainer: listmaster at linux.ie
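The asymmetric return Mark describes (replies from a.b.c.1 leaving via the default-route interface) happens because the kernel's main routing table is consulted by destination address only; the usual remedy is a source-based policy route (`ip rule add from a.b.c.1 table N` plus a default route in table N via the a.b.c.x interface). The Python model below is added here and is not from the thread; it substitutes constructed documentation-range addresses for a.b.c.x, d.e.f.x and the remote client, and shows the destination-only lookup next to the policy-rule lookup.

```python
import ipaddress

# Constructed stand-ins for the placeholder addresses in the post (assumptions):
#   a.b.c.x -> 203.0.113.0/24 on eth1, d.e.f.x -> 198.51.100.0/24 on eth2 (default route)
A_ADDR = ipaddress.ip_address("203.0.113.1")    # a.b.c.1, the public address being replied from
D_ADDR = ipaddress.ip_address("198.51.100.1")   # d.e.f.1
CLIENT = ipaddress.ip_address("192.0.2.50")     # a remote client somewhere on the Internet

def parse_table(entries):
    """Build a routing table from 'prefix dev' strings (a simplified `ip route show`)."""
    return [(ipaddress.ip_network(p), dev) for p, dev in (e.split() for e in entries)]

MAIN = parse_table([
    "192.168.0.0/24 eth0",     # internal LAN with the NATed server
    "203.0.113.0/24 eth1",     # a.b.c.x uplink
    "198.51.100.0/24 eth2",    # d.e.f.x uplink
    "0.0.0.0/0 eth2",          # default route via d.e.f.x, as in the post
])
UPLINK_A = parse_table(["0.0.0.0/0 eth1"])   # extra table: default via the a.b.c.x uplink

def lookup(table, dst):
    """Longest-prefix match on the destination; the source address plays no part."""
    matches = [(net.prefixlen, dev) for net, dev in table if dst in net]
    return max(matches)[1] if matches else None

def route_reply(src, dst, rules=()):
    """Choose the egress interface for a reply whose source is `src` (after SNAT).
    `rules` mimics `ip rule`: (source address, table) pairs tried before main."""
    for rule_src, table in rules:
        if src == rule_src:
            return lookup(table, dst)
    return lookup(MAIN, dst)

# Equivalent of: ip rule add from 203.0.113.1 table UPLINK_A
POLICY = [(A_ADDR, UPLINK_A)]

if __name__ == "__main__":
    for src in (D_ADDR, A_ADDR):
        print(f"reply from {src}: main table -> {route_reply(src, CLIENT)}, "
              f"with policy rule -> {route_reply(src, CLIENT, POLICY)}")
```

Without the rule both replies leave via eth2, reproducing the problem; with it the reply sourced from a.b.c.1 leaves via eth1 while traffic from d.e.f.1 is unchanged.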