On Tue, Oct 05, 2004 at 12:10:40PM -0400, Bob wrote:
> I happen to be using an httpd server on system B and if I look in the logs
> when the packets come through system A, I see the IP address of system X,
> so the packet ends up on the default route, which for system B is
> system A, and that works fine. When I do that same thing putting the
> address of system C in the browser, I get nothing in the logs. But I do
> see the count on the iptables display go up by 1 on system C.
Ok, so you are using DNAT rules on A and C to handle the rewriting of the
destination address of packets, thereby providing for the forwarding. Makes
sense.
The main problem you face is that all packets arrive on C on the same network
interface, and thus you cannot differentiate traffic based on interface at
that point. I am actually not sure whether you can control this with iptables
(though Adam's reference might have information on that indeed). The problem
really is that as far as C is concerned, it is receiving packets from X (one
IP address) on a single interface, and thus there is no way for C to know
whether the packet was delivered to it through A or C. All C knows is that a
packet arrived on its interface from IP address X, and so C's routing rules
need to determine how to get replies sent back to X. I do not know of anything
that can provide C with information about the route packets took prior to
arriving at the destination. Some funky magic with flags may work, but I'd
see more merit in potentially providing C with 2 interfaces, one to A and one
to C.
Kris
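As an added example (not part of the thread, and not something either poster ran), here is the usual way this reply-routing problem is handled on Linux when the internal server sees both paths on one interface: the first packet of each connection is given a connection mark based on the source MAC of the gateway that delivered it, and replies carrying that mark are routed back through the same gateway, so that gateway's conntrack can reverse its own DNAT. Interface name, addresses and MAC addresses are constructed placeholders, and `run` is a hypothetical helper that prints the commands unless the script is invoked with `apply`.

```shell
#!/bin/sh
# Constructed example values (not from the thread): the server's single
# interface plus the LAN address and MAC of each DNAT gateway.
IFACE="eth0"
GW1_IP="192.0.2.1"; GW1_MAC="02:00:00:00:00:01"   # first gateway
GW2_IP="192.0.2.2"; GW2_MAC="02:00:00:00:00:02"   # second gateway

# run: execute a command, or only print it when DRYRUN is set.
run() {
  if [ -n "$DRYRUN" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# mark_via_gateway MARK MAC: the first packet of a NEW connection whose
# frame came from this gateway's MAC gets connection mark MARK. Conntrack
# runs before mangle PREROUTING, so --ctstate NEW is valid here.
mark_via_gateway() {
  mark="$1"; mac="$2"
  run iptables -t mangle -A PREROUTING -i "$IFACE" -m conntrack --ctstate NEW \
      -m mac --mac-source "$mac" -j CONNMARK --set-mark "$mark"
}

# route_by_mark MARK TABLE GW: locally generated replies carrying fwmark
# MARK are routed with table TABLE, whose only route is a default via GW.
route_by_mark() {
  mark="$1"; table="$2"; gw="$3"
  run ip route replace default via "$gw" dev "$IFACE" table "$table"
  run ip rule add fwmark "$mark" table "$table"
}

setup() {
  mark_via_gateway 1 "$GW1_MAC"
  mark_via_gateway 2 "$GW2_MAC"
  # Copy the connection mark onto outgoing packets; a mark set in mangle
  # OUTPUT triggers a re-routing decision, so the ip rule above applies.
  run iptables -t mangle -A OUTPUT -j CONNMARK --restore-mark
  route_by_mark 1 101 "$GW1_IP"
  route_by_mark 2 102 "$GW2_IP"
}

# Print the rules by default; apply them (as root) only when asked to.
if [ "${1:-}" = "apply" ]; then setup; else DRYRUN=1; setup; fi
```

Replies for connections that arrived through the second gateway thus leave via 192.0.2.2 instead of the default route, and that gateway's conntrack entry rewrites the source back to its public address.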
----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390