LINUX.IE, website of the Irish Linux Users' Group
Tux rules!

   
Home
New Users
Articles
Download
Projects
Community
Vendors

  Print Version
Email to...
 
Archives:


planetILUG

Recent News

News Archive


Join the
ILUG
on FaceBook


Join the
ILUG
on LinkedIn


Join the
ILUG SETI
Group



















 
 :: Mailing Lists

[ILUG] Routing.

[ILUG] Routing.

Mark Kilmartin mrk at renre-europe.com
Tue Jan 15 18:26:07 GMT 2002 

It is IPtables I'm using.

I have the NAT working on incoming packets.

The following works.

Somebody connects to d.e.f.1

This is NATed to 192.168.0.1

The replies from the server are NATed to d.e.f.1 and routed over the
interface that connects to d.e.f.x.

This is perfect exactly what I want.

On the other hand if I connect to a.b.c.1

This is NATed to 192.168.0.1

Correct so far.

The replies from the server are NATed to a.b.c.1
Also correct.

But these packets are now sent over the interface connected to d.e.f.x
instead of the interface connected a.b.c.x

Note the default route is set for d.e.f.x

MArk



On Tue, 2002-01-15 at 18:08, Martin Feeney wrote:
> On Tue, 15 Jan 2002 16:41:18 Mark Kilmartin wrote:
> 
> > I'm still having the same problem packets arrive on one interface but
> > try to return on another interface(The default route)
> 
> Sorry, misread your email.  The problem is with your firewall rules.
> 
> Are you using iptables or ipchains?  What are the rules your firewall 
> builder churns out for you?
> 
> What you need for port forwarding is something like:
> 
> iptables -A PREROUTING -t nat -p tcp -d d.e.f.1 --dport 80 -j DNAT \
> 	--to 192.168.0.8:80
> 
> for iptables.
> 
> You can check this via "iptables -t nat -L -n".
> 
> It's a little more complicated if you're using ipchains.  If you're using 
> a firewall builder, I'd advise switching to iptables if the firewall 
> builder supports it.
> 
> Essentially you have to exclude port 80 communication from the internal 
> host being masqueraded by ipchains so that ipmasqadm can pick it up 
> properly.
> 
> iptables is nicer as it's all one mechanism and the PREROUTING chain is 
> executed before anything else.
> 
> Martin.
> 
> -- 
> Irish Linux Users' Group: ilug at linux.ie
> http://www.linux.ie/mailman/listinfo/ilug for (un)subscription information.
> List maintainer: listmaster at linux.ie

More information about the ILUG mailing list
Read this without the formatting.
                                                                                                    

  

Hosted by HEAnet


 Maintained by the ILUG website team. The aim of Linux.ie is to support and help commercial and private users of Linux in Ireland. You can display ILUG news in your own webpages, read backend information to find out how. Networking services kindly provided by HEAnet, server kindly donated by Dell. Linux is a trademark of Linus Torvalds, used with permission. No penguins were harmed in the production or maintenance of this highly praised website. Looking for the Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
RSS Version
Powered by Dell