/* HINT: Search archives @ http://www.indyramp.com/masq/ before posting! */
Paul Witting <[EMAIL PROTECTED]> wrote:
>
> > Is it possible to specify a masq such that outbound packets from, say,
> > 192.168.0.100 are rewritten to appear as if they originated at the
> > "eth0:1" address, "172.17.2.8", rather than the default "eth0" address?
This is getting to be a real FAQ around here, so I think it's important
to nail down this answer so that it can be documented somewhere.
> This CAN be done. The trick is to somehow route the packets so that
> their destination is eth0:0 instead of eth0.
And this is the important key. I've been telling people for months now
that it's the ROUTE TABLE that determines where your packets get sent.
People are always asking how to set up an ipchains rule that sends these
packets this way, or those packets that way. IT CAN'T BE DONE. Not
with ipchains. Ipchains determines what happens to a packet AFTER IT
HAS BEEN ROUTED. The kernel decides which way the packet is going to
go, and THEN it consults the ipchains rulesets, to determine *IF* the
forwarding should be allowed, *and* if it should be masqueraded during
forwarding.
So, if your default route points out the eth0 interface, then THAT is
the IP address your packets will masquerade as. If you manage to get
your default route pointing to eth0:1, then THAT is the IP address that
your packets will have. It's that simple. Or that complex.
I guess I need to start learning about the other routing packages
available if I'm gonna start being any real help around here. :)
--
[EMAIL PROTECTED] (Fuzzy Fox) || "Just about every computer on the market
sometimes known as David DeSimone || today runs Unix, except the Mac (and
http://www.dallas.net/~fox/ || nobody cares about it). -- Bill Joy '85
_______________________________________________
Masq maillist - [EMAIL PROTECTED]
Admin requests can be handled at http://www.indyramp.com/masq-list/
or email to [EMAIL PROTECTED]
PLEASE read the HOWTO and search the archives before posting.
You can start your search at http://www.indyramp.com/masq/
Please keep general linux/unix/pc/internet questions off the list.
