
Re: [LARTC] simple source policy routing not working

To: LARTC@mailman.ds9a.nl
Subject: Re: [LARTC] simple source policy routing not working
From: "Jorge Evangelista" <netsecuredata@gmail.com>
Date: Fri, 23 Feb 2007 00:11:17 -0500
In-reply-to: <200702211342.04797.lartc@ethen.de>
References: <200702211342.04797.lartc@ethen.de>
Hi, I think that these rules could work fine for what you want to do;
you have to know the gateway for the eth0 and wlan0 networks.

eth0  192.168.1.10/24      ----> Example default Gateway   192.168.1.1
eth1  172.16.1.1/12        ----> LAN
wlan0 192.168.10.190/24    ----> Example default Gateway   192.168.10.1

Rules

# Two extra routing tables (the names are resolved through rt_tables)
echo 100 T1 >> /etc/iproute2/rt_tables
echo 200 T2 >> /etc/iproute2/rt_tables

# T1: both connected networks plus a default route via the eth0 gateway
ip route add 192.168.1.0/24  dev eth0  src 192.168.1.10   table T1
ip route add 192.168.10.0/24 dev wlan0 src 192.168.10.190 table T1
ip route add default via 192.168.1.1 table T1

# T2: same connected networks, default route via the wlan0 gateway
ip route add 192.168.1.0/24  dev eth0  src 192.168.1.10   table T2
ip route add 192.168.10.0/24 dev wlan0 src 192.168.10.190 table T2
ip route add default via 192.168.10.1 table T2

# Give the rules explicit priorities: without "pref", each later
# "ip rule add" is consulted before the earlier ones, and because
# 172.30.230.230 lies inside 172.16.0.0/12 the /32 rule would be
# shadowed by the /12 rule. Lower pref is checked first.
ip rule add from 172.30.230.230/32  table T2 pref 100
ip rule add from 172.16.0.0/12      table T1 pref 200

# Rewrite the source address to that of the outgoing interface
iptables -t nat -A POSTROUTING -o eth0  -j SNAT --to 192.168.1.10
iptables -t nat -A POSTROUTING -o wlan0 -j SNAT --to 192.168.10.190



Regards


On 2/21/07, Markus <lartc@ethen.de> wrote:
Hi,

my box is connected to 3 networks, eth0, eth1 and wlan0. I want "my" traffic to go
via wlan0 and everything from eth1 NATed to eth0:
eth0 192.168.1.10/24
eth1 172.16.1.1/12
wlan0 192.168.10.190/24

I first tried this with two single hosts:

iptables -A POSTROUTING -j MASQUERADE -o eth0 -t nat
iptables -A POSTROUTING -j MASQUERADE -o wlan0 -t nat

echo 200 Forw >> /etc/iproute2/rt_tables

ip rule add from 172.30.230.230 table Forw

ip route add 192.168.1.99 via 192.168.10.1 dev wlan0 table main
ip route add 192.168.1.99 dev eth0 table Forw

ip -statistics route flush cache

ip route get 192.168.1.98 from 172.30.230.230 iif eth1
#    192.168.1.98 from 172.30.230.230 dev eth0  src 172.16.1.1
#    cache <src-direct>  mtu 1492 advmss 1452 fragtimeout 64 iif eth1
ip route get 192.168.1.99 from 172.30.230.230 iif eth1
#    192.168.1.99 from 172.30.230.230 dev eth0  src 172.16.1.1
#    cache <src-direct>  mtu 1492 advmss 1452 fragtimeout 64 iif eth1
ip route get 192.168.1.98
#    192.168.1.98 dev eth0  src 192.168.1.10
#    cache  mtu 1492 advmss 1452 fragtimeout 64
ip route get 192.168.1.99
#    192.168.1.99 via 192.168.10.1 dev wlan0  src 192.168.10.190
#    cache  mtu 1500 advmss 1460 fragtimeout 64

Before, 172.30.230.230 was able to ping 192.168.1.99 and 192.168.1.98; afterwards
192.168.1.99 was unreachable.

What's wrong? Please help...

Markus

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc



--
"The network is the computer"
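To see why the two "ip rule" lines in the T1/T2 setup above need explicit priorities, here is an added example in Python; it is not code from the thread or from iproute2. It models how the kernel walks the rule list in ascending pref and does a longest-prefix lookup in the selected table, falling through to the next rule when the table has no match. The main table is assumed to hold only the box's three connected routes, and the one assumption about kernel behaviour is that a rule added without a pref gets (lowest existing non-zero pref) minus one, so it is consulted before every rule added earlier. Class, function and table-building names are the example's own.

```python
"""Offline model of Linux source policy routing.  Rules are walked in
ascending pref; the first rule whose table yields a longest-prefix match
decides the egress.  Constructed example for the T1/T2 rule set in the
reply above, not code from the list posting.  Assumption: a rule added
without pref gets (lowest existing non-zero pref) - 1 and is therefore
consulted before the rules added earlier."""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import Optional, Tuple

LOCAL, MAIN, DEFAULT = 0, 32766, 32767   # the kernel's built-in rules


@dataclass
class Route:
    prefix: IPv4Network
    dev: str
    via: Optional[str] = None          # None for a connected route


@dataclass
class Rule:
    pref: int
    table: str
    src: Optional[IPv4Network] = None  # None matches every source


class PolicyRouter:
    def __init__(self) -> None:
        self.tables = {"local": [], "main": [], "default": []}
        self.rules = [Rule(LOCAL, "local"), Rule(MAIN, "main"),
                      Rule(DEFAULT, "default")]

    def route_add(self, table: str, prefix: str, dev: str,
                  via: Optional[str] = None) -> None:
        self.tables.setdefault(table, []).append(
            Route(ip_network(prefix), dev, via))

    def rule_add(self, table: str, src: Optional[str] = None,
                 pref: Optional[int] = None) -> int:
        if pref is None:
            # assumed kernel behaviour: slot in just before the current
            # lowest-pref rule, i.e. ahead of everything added so far
            pref = min(r.pref for r in self.rules if r.pref > 0) - 1
        # strict=False drops host bits, so "172.16.1.1/12" is 172.16.0.0/12
        net = ip_network(src, strict=False) if src else None
        self.rules.append(Rule(pref, table, net))
        self.rules.sort(key=lambda r: r.pref)
        return pref

    def lookup(self, src: str, dst: str) -> Tuple[Optional[str], Optional[Route]]:
        s, d = ip_address(src), ip_address(dst)
        for rule in self.rules:                      # ascending pref
            if rule.src is not None and s not in rule.src:
                continue
            best = None
            for rt in self.tables.get(rule.table, []):
                if d in rt.prefix and (best is None or
                                       rt.prefix.prefixlen > best.prefix.prefixlen):
                    best = rt
            if best is not None:
                return rule.table, best
            # no route in this table: fall through to the next rule
        return None, None


def build(explicit_pref: bool) -> PolicyRouter:
    """The T1/T2 setup from the reply.  explicit_pref=False adds the two
    rules without a pref; True gives them pref 100 and 200."""
    r = PolicyRouter()
    for t in ("T1", "T2"):
        r.route_add(t, "192.168.1.0/24", "eth0")
        r.route_add(t, "192.168.10.0/24", "wlan0")
    r.route_add("T1", "0.0.0.0/0", "eth0", via="192.168.1.1")
    r.route_add("T2", "0.0.0.0/0", "wlan0", via="192.168.10.1")
    # main table as assumed for the box: connected routes only
    r.route_add("main", "192.168.1.0/24", "eth0")
    r.route_add("main", "172.16.0.0/12", "eth1")
    r.route_add("main", "192.168.10.0/24", "wlan0")
    r.rule_add("T2", "172.30.230.230/32", pref=100 if explicit_pref else None)
    r.rule_add("T1", "172.16.1.1/12", pref=200 if explicit_pref else None)
    return r


def egress(router: PolicyRouter, src: str, dst: str):
    """(table, device, gateway) chosen for a packet src -> dst."""
    table, rt = router.lookup(src, dst)
    return table, (rt.dev if rt else None), (rt.via if rt else None)


if __name__ == "__main__":
    for explicit in (False, True):
        print("explicit pref" if explicit else "no pref   ",
              egress(build(explicit), "172.30.230.230", "8.8.8.8"))
```

Run as posted (no pref), the host 172.30.230.230 is matched by the /12 rule first and leaves via eth0 through T1; with pref 100 and 200 it takes T2 and wlan0, while the rest of 172.16.0.0/12 still uses T1. On a real box the same check is "ip rule show" followed by "ip route get <dst> from <src> iif eth1".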
