Re: [Masq] Changing source address of masqueraded packets

Tue, 29 Aug 2000 01:41:12 -0700 

/* HINT: Search archives @ http://www.indyramp.com/masq/ before posting! 
/* ALSO: Don't quote this header. It makes you look lame :-) */


Adam Hyde wrote:

> I have a problem with masquerading for the network setup illustrated
> below.  The diagram is supposed to represent my gateway with three
> interfaces:
> 
> 192.168.10.0 - local network I am trying to masquerade for
> 203.23.128.0 - local network, no masquerading
> 10.100.1.0 - private network between gateway and ISP
> 
>        INTERNET          
> 
>           |
>           |
> 
>     ISP's  ROUTER (10.100.1.1)
> 
>           | 
>      eth0 |             
>   +-------+---------+ 
>   | 10.100.1.4      | 
>   |                 | eth1 
>   |                 +---------------------- 
>   |                 | 203.23.128.254 
>   | 192.168.1.254   | 
>   +-------+---------+ 
>      eth2 | 
>           |
>           |      
> 
> My problem is simple.  (Hopefully the solution is, too!)  Packets from
> the 192.168.10.0 network have a source address of 10.100.1.4 after
> masquerading.  This makes it impossible for any packets to be returned.

that shouldn't be a problem. that's what masquerading means.
packets coming in over eth2 and leaving via eth0 are to be
masqueraded which means having the source address rewritten
to be the address of eth2 and having the source port rewritten
to be somewhere in the range 61000-65096. when reply packets
arrive at eth2, the kernel sees that the destination port is
in the range 61000-65096, recognises it as a packet that needs
to be demasqueraded and demasquerades it back to 192.168...
and forwards it across eth2.

> How can I set the source address to be 203.23.128.254?

you shouldn't be wanting that. if you did that, reply packets
intended for the network on the other side of eth2 would be
send across eth1 instead and go nowhere.

what's your real problem? return packets not getting through?
check your routing tables.

raf

_______________________________________________
Masq maillist  -  [EMAIL PROTECTED]
Admin requests can be handled at http://www.indyramp.com/masq-list/ -- 
THIS INCLUDES UNSUBSCRIBING!
or email to [EMAIL PROTECTED]

PLEASE read the HOWTO and search the archives before posting.
You can start your search at http://www.indyramp.com/masq/
Please keep general linux/unix/pc/internet questions off the list.

Reply via email to