Thanks for the reply.

On 8/20/07, Salim S I <[EMAIL PROTECTED]> wrote:
>
> Why don't you use DNAT ?
>
> The via address is supposed to be the address of nexthop router.
>

I could, but on the receiving side we need the IP of the destination for testing some issue.

Also, I have had some success with the setup. After setting the rules and routes with explicit devices, i.e.

    ip rul add from 10.1.0.166 dev eth0 table 2

it seems to work a lot better. I will test it a bit more.

-- Pranav

-----Original Message-----
> *From:* [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] *On Behalf Of *Pranav Desai
> *Sent:* Saturday, August 18, 2007 6:53 AM
> *To:* lartc
> *Subject:* [LARTC] Policy base forwarding issues
>
> Hello All,
>
> I am trying to set up a linux box as a forwarding router based on src IP.
> The problem is that it does forward the pkts to the intended server
> specified in the ip rule, but it also forwards it to the original dst (dst
> specified in the pkt).
>
> Here is the setup:
>
> [10.1.0.166]                                                                  [192.168.1.225]
>      |                                                                               |
>      |                 [A]                                  [B]                      |
>      |-------[10.1.0.63/172.16.1.63] ----------- [172.16.1.64/192.168.1.65] ---------|
>      |       linux box only has                  linux-router in question            |
>      |       net.ipv4.ip_forward=1                                                   |
>      |                                                                               |
> [10.1.0.167]                                                                  [192.168.1.100]
>
> A - is just a linux box doing forwarding for the 2 networks 10.1.x.x -> 172.16.1.x.
> B - is the linux router which I want to set up as forwarding.
>
> The pkts come from 10.1.0.166 and .167 -> to 192.168.1.100
> I want to set up rules on [B] to forward all pkts with src addr. 10.1.0.166 to
> 192.168.1.225.
> And, all pkts from 10.1.0.167 to 192.168.1.100 should still go to
> 192.168.1.100.
>
> Here are the rules I set up.
>
> [EMAIL PROTECTED] ~]# ip rule sh
> 0:      from all lookup local
> 32765:  from 10.1.0.166 lookup 225
> 32766:  from all lookup main
> 32767:  from all lookup default
>
> [EMAIL PROTECTED] ~]# ip ro sh tab 225
> 192.168.1.0/24 via 192.168.1.225 dev eth1
>
> The pkts still go to both .225 and .100. I checked on another machine
> connected to the same switch as 192.168.1.100 and 192.168.1.225 and it's
> not receiving the pkts. So, it doesn't seem like the switch is screwing up
> and broadcasting the packets everywhere.
>
> I would appreciate any kind of help or pointers.
>
> Thanks for your time.
>
> -- pranav
>
> ------------------------------
> http://pd.dnsalias.org
>

--
------------------------------
http://pd.dnsalias.org
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
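
Added example, not part of the original thread: a small Python model of the rule and route lookup quoted above, showing that a `via` route changes only the next hop a packet is handed to while the IP destination stays the same, which is the point behind the DNAT suggestion. The rule and table 225 entries are copied from the post; the main-table route is an assumption, and the `lookup` helper is a hypothetical name.

```python
import ipaddress

# Constructed from the `ip rule sh` / `ip ro sh tab 225` output in the post.
# The local table is omitted, and the main-table entry is an ASSUMPTION
# (a connected route for 192.168.1.0/24 on eth1); the post does not show it.
RULES = [  # (priority, source selector, table)
    (32765, "10.1.0.166/32", "225"),
    (32766, "0.0.0.0/0", "main"),
    (32767, "0.0.0.0/0", "default"),
]
TABLES = {  # table -> [(prefix, via or None for on-link, dev)]
    "225": [("192.168.1.0/24", "192.168.1.225", "eth1")],
    "main": [("192.168.1.0/24", None, "eth1")],
    "default": [],
}

def lookup(src, dst):
    """Return (table, next_hop, dev, ip_dst) for a forwarded packet, or None."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for _prio, selector, table in sorted(RULES):
        if s not in ipaddress.ip_network(selector):
            continue  # this rule does not select the packet's source
        # Longest-prefix match inside the table the rule points at.
        matches = [(ipaddress.ip_network(p), via, dev)
                   for p, via, dev in TABLES[table]
                   if d in ipaddress.ip_network(p)]
        if not matches:
            continue  # no route in this table: fall through to the next rule
        _net, via, dev = max(matches, key=lambda m: m[0].prefixlen)
        # `via` only chooses the neighbour the frame is sent to;
        # the destination address in the IP header is not rewritten.
        return table, via or dst, dev, dst
    return None

if __name__ == "__main__":
    for src in ("10.1.0.166", "10.1.0.167"):
        print(src, "->", lookup(src, "192.168.1.100"))
```

In this model the packet from 10.1.0.166 is handed to 192.168.1.225 but still carries 192.168.1.100 as its destination, so the receiving host must be prepared to accept or forward a packet that is not addressed to it.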