One of those tricky routing things. I'm trying to work out if it is
possible to do the following using iproute. Setup is as follows
adsl0: 203.62.148.1/30
ipsec0: 203.62.148.1/30
eth0: 192.168.0.1/24
routes:
Destination Gateway Genmask Flags Metric Ref Use Iface
203.62.148.0 0.0.0.0 255.255.255.252 U 0 0 0 adsl0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.2.0 203.62.148.2 255.255.255.0 U 0 0 0 ipsec0
0.0.0.0 203.62.148.2 0.0.0.0 U 0 0 0 adsl0
Now the problem is I only have the one IPSEC tunnel set up
192.168.0.0/24 <-> 192.168.2.0/24
which means the subnets can talk to each other but this linux box can't
talk to the 192.168.2.0/24 subnet. Normally you would set up a new tunnel
like so
203.62.148.1/32 <-> 192.168.2.0/24
but unfortunately I can't.
Now if I use hping2 to change the source address of ping packets like so
hping2 --icmp -a 192.168.0.1 192.168.2.20
I can ping things fine. So what I want to be able to do is whenever
traffic goes down ipsec0 I want to change my source address from
203.62.148.1 to 192.168.0.1. I think it is possible to do this with
iproute but I'm not quite sure how. Also a bit difficult to test since
the said linux box is in Melbourne and I've already managed to muck up
the routing on it so I can't talk to it :)
I was thinking of doing something like the following but not sure if it's
right.
ip rule add prio 320 from 203.62.148.1 nat 192.168.0.1 dev ipsec0
I seem to be missing something else. Has anyone ever done anything like
this? Is there a better way?
NB 2.2 kernel so no iptables shenanigans :)
--
John
http://www.inodes.org/
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
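Added example, not part of John's mail or the list's own material: rather than the stateless `ip rule ... nat` translation, the same effect can be had by pinning the preferred source address on the route itself with iproute2's `src` hint. Locally generated packets to 192.168.2.0/24 then leave with 192.168.0.1 and fall inside the existing 192.168.0.0/24 <-> 192.168.2.0/24 tunnel selector, whereas packets sourced from 203.62.148.1 fall outside it and never enter the tunnel, which is consistent with the hping2 observation above. The script composes the command as a string so it can be reviewed before it is run on a box that is already hard to reach, and parses `ip route get` output to confirm the kernel now picks that source. Assumptions not taken from the mail: that this iproute2 build accepts `src` on `ip route replace`, and that 192.168.2.20 answers on the far side; the sample `ip route get` line used in the check is constructed.

```shell
#!/bin/sh
# Added example, not code from the original mail. Pins the source address
# for tunnel-bound traffic with the `src` hint on the route rather than
# with `ip rule ... nat`. Assumes this iproute2 build accepts `src` on
# `ip route replace` (assumption, not stated in the mail).
set -u

TUNNEL_NET=192.168.2.0/24    # remote subnet behind the tunnel (from the mail)
TUNNEL_GW=203.62.148.2       # next hop on ipsec0 (from the mail)
TUNNEL_DEV=ipsec0
LOCAL_SRC=192.168.0.1        # eth0 address covered by the tunnel selector

# Compose the route command as a string so it can be inspected (and, in a
# dry run, asserted on) before anything touches the remote box.
route_cmd() {
    printf 'ip route replace %s via %s dev %s src %s' \
        "$TUNNEL_NET" "$TUNNEL_GW" "$TUNNEL_DEV" "$LOCAL_SRC"
}

# Extract the `src` field from one line of `ip route get <addr>` output,
# e.g. "192.168.2.20 via 203.62.148.2 dev ipsec0  src 192.168.0.1".
src_of_route_get() {
    printf '%s\n' "$1" | sed -n 's/.* src \([0-9.][0-9.]*\).*/\1/p'
}

# Succeeds only when the kernel reports LOCAL_SRC as the preferred source
# for the given route-get line.
check_src() {
    [ "$(src_of_route_get "$1")" = "$LOCAL_SRC" ]
}

# Apply for real only when DRY_RUN=0; the default is a dry run that prints.
if [ "${DRY_RUN:-1}" = 0 ]; then
    eval "$(route_cmd)"
    line=$(ip route get 192.168.2.20 | head -n 1)   # 192.168.2.20 is from the mail
    if check_src "$line"; then
        echo "source pinned: $line"
    else
        echo "source not pinned: $line" >&2
        exit 1
    fi
else
    echo "dry run, would execute: $(route_cmd)"
fi
```

Run it once as-is to see the exact command it would issue, then with `DRY_RUN=0` as root to apply it; the `ip route get` check afterwards is the thing to look at, since it shows which source address the kernel will actually use for 192.168.2.20 before any real traffic is sent.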