/* HINT: Search archives @ http://www.indyramp.com/masq/ before posting! 
/* ALSO: Don't quote this header. It makes you look lame :-) */


On Fri, 27 Oct 2000 08:28:39 -0500, "Steele, Tom"
<[EMAIL PROTECTED]> wrote:

>The way I do this (I don't know if there's a better way... there might be) is
>to use marking. For example:
>
>Create a new mark with:
>ipmasqadm mfw -A -m 1 -r 192.168.0.10 80
>ipmasqadm mfw -A -m 2 -r 192.168.0.10 443
>
>Then set in your input rule somewhere:
>ipchains -A input -p tcp -d 212.254.210.228/32 80 -m 1
>ipchains -A input -p tcp -d 212.254.210.228/32 443 -m 2
>

I tried mfw too:
(legolas is an external machine, gorgon is the firewall)

legolas:~ # telnet 1.2.3.4 80
Trying 1.2.3.4...
telnet: Unable to connect to remote host: No route to host
legolas:~ #


gorgon:/ # ipmasqadm mfw -L -n
fwmark   rediraddr               rport  pcnt  pref
1        192.1.1.10                 80    10    10
gorgon:/ #


gorgon:/ # ipchains -L input -n | grep 1.2.3.4
ACCEPT     tcp  -y----  0.0.0.0/0         1.2.3.4    * ->   80
gorgon:/ #

Everything seems OK to me. I got no complaints in the logs, but
tcpdump shows that the firewall tries to look on eth1 for the server
instead of going out on eth2:

gorgon:/ # tcpdump -i eth1 -n
User level filter, protocol ALL, datagram packet socket
tcpdump: listening on eth1
5:4a:2c.836564 arp who-has 1.2.3.4 tell 1.2.3.5 (0:19:ad:g7:3d:e0)

So the kernel tries to connect on eth1 to 1.2.3.4 instead of on eth2 to
192.168.0.10.

What else can I try?

Many thanks for all answers,
Jan

---
Jan Stifter
http://www.medres.ch/~jstifter/

_______________________________________________
Masq maillist  -  [EMAIL PROTECTED]
Admin requests can be handled at http://www.indyramp.com/masq-list/ -- 
THIS INCLUDES UNSUBSCRIBING!
or email to [EMAIL PROTECTED]

PLEASE read the HOWTO and search the archives before posting.
You can start your search at http://www.indyramp.com/masq/
Please keep general linux/unix/pc/internet questions off the list.
