Hello Daniel,

I want option a. It must route the packet to 192.168.0.1 exactly how it is without modifying any headers. On 192.168.0.1 there is NAT on it which will handle translation.

On 192.168.0.2 (localhost):
x86:~# tcpdump -e -i tun1
tcpdump: listening on tun1
16:03:31.375841 ip 84: 192.168.0.2 > apollo.is.co.za: icmp: echo request
16:03:32.383138 ip 84: 192.168.0.2 > apollo.is.co.za: icmp: echo request
16:03:33.393145 ip 84: 192.168.0.2 > apollo.is.co.za: icmp: echo request

On 192.168.0.1 (remote gateway):
blowfish:~# tcpdump -e -i tun0
tcpdump: listening on tun0
16:00:25.851705 ip 84: truncated-ip - 21420 bytes missing! 192.168.0.2 > apollo.is.co.za: icmp: echo request
16:00:26.859140 ip 84: truncated-ip - 21420 bytes missing! 192.168.0.2 > apollo.is.co.za: icmp: echo request
16:00:27.868135 ip 84: truncated-ip - 21420 bytes missing! 192.168.0.2 > apollo.is.co.za: icmp: echo request

Thank you for your time
Mark

----------------------------------------------------------------
The best defense against logic is stupidity.
----------------------------------------------------------------

On Fri, 24 Oct 2003, Daniel Hartmeier wrote:

>On Thu, Oct 23, 2003 at 03:36:22PM +0200, Mark Bojara wrote:
>
>> rdr on ! tun1 inet from 192.168.0.2 to any -> 192.168.0.1
>
>rdr and route-to do two different things in your setup, it's not clear
>yet what you really want:
>
>a) route-to will not modify the IP layer, it will just cause the
>   packets to get sent to the MAC address of 192.168.0.1 on ethernet
>   layer. Run tcpdump with -e on tun1 and check the destination MAC
>   address of outgoing packets. Without the route-to rule, everything
>   should go to the default route's MAC address. With the route-to
>   rule, packets from 192.168.0.0/30 should go to 192.168.0.1's MAC
>   address. The IP destination addresses should be the same, as
>   route-to doesn't change them. And the packet will end up at the
>   same IP endpoint, as the destination IP address wasn't modified.
>
>b) rdr (on the interface where the packets come in, tun0) can
>   replace the IP destination address of packets. This redirects
>   the packets to another endpoint (not just through other routes).
>   Of course, a different destination IP address might cause the
>   intermediate routers to choose different paths, so a redirection
>   will affect routing in that sense. For example, redirecting a
>   HTTP query (port 80) with rdr to a router not running a web
>   server would be wrong. If you just want to route through that
>   router (reaching the original web server), use route-to.
>
>So, do you want a) or b) or something else?
>
>Daniel
>
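
Added example, not part of the original message or of either poster's code: a small Python check over the tcpdump lines quoted above, which reconstructs the IP total length each packet claims and tests whether it is the byte-swapped form of the 84 bytes actually seen. It assumes tcpdump's "bytes missing" figure is the header's total length minus the bytes available; the function names are made up for this illustration.

```python
import re

# Lines copied from the captures in the message: two from tun0 on the
# remote gateway, one from tun1 on the sending host.
SAMPLE = """\
16:00:25.851705 ip 84: truncated-ip - 21420 bytes missing! 192.168.0.2 > apollo.is.co.za: icmp: echo request
16:00:26.859140 ip 84: truncated-ip - 21420 bytes missing! 192.168.0.2 > apollo.is.co.za: icmp: echo request
16:03:31.375841 ip 84: 192.168.0.2 > apollo.is.co.za: icmp: echo request
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) ip (?P<seen>\d+): "
    r"(?:truncated-ip - (?P<missing>\d+) bytes missing! )?"
)


def swap16(value):
    """Swap the two bytes of a 16-bit field."""
    return ((value & 0xFF) << 8) | ((value >> 8) & 0xFF)


def analyse(line):
    """Return length facts for one 'tcpdump -e' line on a tun interface."""
    m = LINE_RE.match(line)
    if not m:
        return None
    seen = int(m.group("seen"))             # bytes actually on the wire
    missing = int(m.group("missing") or 0)  # shortfall reported by tcpdump
    claimed = seen + missing                # total length the IP header claims
    swapped = missing > 0 and claimed <= 0xFFFF and swap16(claimed) == seen
    return {"timestamp": m.group("ts"), "seen": seen, "claimed": claimed,
            "truncated": missing > 0, "byte_swapped": swapped}


def analyse_capture(text):
    """Analyse every recognisable packet line in a capture."""
    return [r for r in map(analyse, text.splitlines()) if r]


if __name__ == "__main__":
    for r in analyse_capture(SAMPLE):
        note = "claimed length is byte-swapped" if r["byte_swapped"] else "ok"
        print(f'{r["timestamp"]} seen={r["seen"]} '
              f'claimed={r["claimed"]} (0x{r["claimed"]:04x}) {note}')
```

For the tun0 lines the claimed length is 21504 (0x5400), the byte-swapped form of 84 (0x0054), so the figures are consistent with the total-length field being interpreted in the wrong byte order rather than with payload actually being lost.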
