Hi, 

I have some problems with advanced routing by fwmark. Here is my configuration: 
 
static routes (route -n): 
 
Kernel IP routing table 
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface 
... 
192.168.1.0     10.111.111.1    255.255.255.0   UG    0      0        0 eth0 
... 
192.168.7.0     10.111.111.6    255.255.255.0   UG    0      0        0 eth2 
192.168.6.0     10.111.111.6    255.255.255.0   UG    0      0        0 eth2 
192.168.5.0     10.111.111.6    255.255.255.0   UG    0      0        0 eth2 
192.168.4.0     10.111.111.6    255.255.255.0   UG    0      0        0 eth2 
192.168.3.0     10.111.111.6    255.255.255.0   UG    0      0        0 eth2 
192.168.2.0     10.111.111.6    255.255.255.0   UG    0      0        0 eth2 
192.168.12.0    10.111.111.6    255.255.255.0   UG    0      0        0 eth2 
192.168.11.0    10.111.111.6    255.255.255.0   UG    0      0        0 eth2 
192.168.9.0     10.111.111.6    255.255.255.0   UG    0      0        0 eth2 
192.168.8.0     10.111.111.6    255.255.255.0   UG    0      0        0 eth2 
... 
 
Our network 192.168.1.0/24 (reachable via eth0) is addressed as 192.168.10.0/24 by all other 
networks, which are reachable via eth2. It works fine with some SNAT and DNAT rules. The 
big problem is a second 192.168.1.0 network, which is reachable via eth2. Our network 
wants to address this network as 192.168.20.0/24. 
 
netfilterscript: 
... 
# workaround (http://lists.netfilter.org/pipermail/netfilter/2000-November/006089.html) 

# disable reverse-path filtering and flush the route cache 
echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter 
echo 1 > /proc/sys/net/ipv4/route/flush 

... 
# rules to route packets from 192.168.1.0 to virtual 192.168.20.0 ==> to second 192.168.1.0 

# mark every packet arriving on eth0 with fwmark 17 (mangle PREROUTING runs before 
# nat PREROUTING, so the destination is still the virtual 192.168.20.x address here) 
/usr/sbin/iptables -t mangle -A PREROUTING -i eth0 -j MARK --set-mark 17 

for ((i=3; i<255; i++)); do 

        # virtual 192.168.20.i (as seen from our LAN) -> real 192.168.1.i in the second network 
        /usr/sbin/iptables -t nat -A PREROUTING -i eth0 -s 192.168.1.0/24 -d 192.168.20.${i} -j DNAT --to-destination 192.168.1.${i} 

        # our real 192.168.1.i -> 192.168.10.i as seen from the networks behind eth2 
        /usr/sbin/iptables -t nat -A POSTROUTING -s 192.168.1.${i} -o eth2 -j SNAT --to-source 192.168.10.${i} 

... 

done 

... 

# in /etc/iproute2/rt_tables:  ... 201 m.table ... 

# packets carrying fwmark 17 are looked up in table m.table, 
# where the second 192.168.1.0/24 is reached via eth2 
ip rule add fwmark 17 table m.table 

/sbin/ip route add 192.168.1.0/24 via 10.111.111.6 dev eth2 table m.table 

... 
EOnetfilterscript 
 
> ip rule ls 
0:      from all lookup local  
32765:  from all fwmark       17 lookup m.table  
32766:  from all lookup main  
32767:  from all lookup default 
 
> ip route list table m.table 
192.168.1.0/24 via  10.111.111.6  dev eth2 
 
But!!!! 

Packets from 192.168.1.0/24 to 192.168.20.0/24 leave the router via eth0 (with 
IP header: from 192.168.1.0/24 to 192.168.1.0/24) ==> DNAT works. The mangle rule works too, 
because I log all packets marked with 17. 
 
System: 
 
SuSE Linux 8.0 with Kernel SuSE-2.4.18-4GB  
 
Advanced routing and route by fwmark are configured: 
 
> cd /usr/src/linux 
> make cloneconfig 
> cat ./.config | grep IP | grep ROUTE 
CONFIG_IP_ADVANCED_ROUTER=y 
CONFIG_IP_ROUTE_FWMARK=y 
CONFIG_IP_ROUTE_NAT=y 
CONFIG_IP_ROUTE_MULTIPATH=y 
CONFIG_IP_ROUTE_TOS=y 
CONFIG_IP_ROUTE_VERBOSE=y 
CONFIG_IP_ROUTE_LARGE_TABLES=y 
CONFIG_IP_MROUTE=y 
 
What's the problem??? 
 
Thanks, 
Basti 

_______________________________________________
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

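The setup described in the post above, rewritten as an added example (not code from the original message or from the LARTC HOWTO): a small generator that emits the fwmark rule, the 1:1 NAT for both aliases, the policy-routing rule and the alternate table as reviewable commands, plus a helper that asks the kernel which route a marked packet would take. Interface names, prefixes, next hop, mark value and table number are taken from the post. Two things are assumptions beyond it: the NETMAP target, which replaces the per-host DNAT/SNAT loop with one prefix-to-prefix mapping (mainline iptables since 2.6; on a 2.4.18 kernel it was a patch-o-matic extension), and the `mark` keyword of `ip route get`, which exists in current iproute2 but not necessarily in a 2002 release. Note also that NETMAP maps the whole /24, whereas the posted loop skips hosts .1 and .2.

```shell
#!/bin/sh
# Added example, not part of the original post: fwmark policy routing plus 1:1 NAT
# for a LAN that shares its prefix (192.168.1.0/24) with a network behind eth2.
# Assumed beyond the post: NETMAP target and `ip route get ... mark` (modern
# iptables/iproute2; not guaranteed on a SuSE 8.0 / 2.4.18 box).

LAN_IF=eth0                   # our real 192.168.1.0/24
FAR_IF=eth2                   # everything else, incl. the second 192.168.1.0/24
FAR_GW=10.111.111.6           # next hop toward the second 192.168.1.0/24
REAL_NET=192.168.1.0/24       # used on both sides, hence the two aliases below
ALIAS_OURS=192.168.10.0/24    # how the far networks address our LAN
ALIAS_THEIRS=192.168.20.0/24  # how our LAN addresses the second 192.168.1.0/24
MARK=17                       # fwmark selecting the alternate routing table
TABLE=201                     # "201 m.table" in /etc/iproute2/rt_tables

# iptables takes the mark in decimal, newer `ip rule ls` prints it in hex;
# this makes the two comparable when checking what the kernel installed.
mark_hex() {
    printf '0x%x\n' "$1"
}

# Emit the configuration one command per line, for review or for piping to sh.
# Ordering matters: mangle PREROUTING runs before nat PREROUTING, so the MARK
# rule must match the pre-NAT destination (the 192.168.20.0/24 alias), while
# the route in the alternate table is for the post-NAT destination
# (192.168.1.0/24). NETMAP maps the whole prefix, .1 and .2 included.
gen_rules() {
    cat <<EOF
sysctl -w net.ipv4.conf.all.rp_filter=0
iptables -t mangle -A PREROUTING -i $LAN_IF -s $REAL_NET -d $ALIAS_THEIRS -j MARK --set-mark $MARK
iptables -t nat -A PREROUTING -i $LAN_IF -s $REAL_NET -d $ALIAS_THEIRS -j NETMAP --to $REAL_NET
iptables -t nat -A POSTROUTING -o $FAR_IF -s $REAL_NET -j NETMAP --to $ALIAS_OURS
ip rule add prio 100 fwmark $MARK table $TABLE
ip route add $REAL_NET via $FAR_GW dev $FAR_IF table $TABLE
ip route flush cache
EOF
}

# Ask the kernel which route a marked, already-DNATed packet would take.
# $1 = real destination in the second network, $2 = a source in our LAN.
check_route() {
    ip route get "$1" from "$2" iif "$LAN_IF" mark "$MARK"
}

# Count generated commands containing a keyword, to sanity-check the set
# before applying it (e.g. two NETMAP rules, two references to the table).
count_rules() {
    gen_rules | grep -c -- "$1"
}

case "${1:-}" in
    apply) gen_rules | sh -e ;;                               # needs root
    check) check_route "${2:-192.168.1.5}" "${3:-192.168.1.10}" ;;
    *)     gen_rules ;;                                       # default: show only
esac
```

Run it without arguments to review the rule set, `apply` to install it, and `check 192.168.1.5 192.168.1.10` afterwards to confirm that a marked packet for a host in the second network is resolved through table 201 and eth2 rather than through the main table.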