Hello

This is how I do it:

You may be able to get ideas from it...

#!/bin/sh
-------------
/usr/local/sbin/iptables-base $1

LOCNET="192.168.0"
#SNATIPS="$LOCNET.0/24"
#SNATIPS=$(ifconfig | grep "inet addr:" | grep "Bcast:$LOCNET.255" | grep -v "inet addr:$LOCNET.1[[:space:]]" | sed -e "s/.*inet addr://;s/[[:space:]].*//;")
LEGVSRV=$(grep IPROOT= /etc/vservers/*.conf | sed -e 's/.*IPROOT=//;s/"//g;')
VSERVRS=$(cat /etc/vservers/*/interfaces/*/ip)
SNATIPS=$(echo "$LEGVSRV
$VSERVRS
$LOCNET.200
" | sort -u)
PPPIP="$2"

if [ -z "$PPPIP" ] ; then
#    PPPIP=$(route | grep "^default" | sed -e "s|default *||;s| .*||;")
    PPPIP=$(ifconfig ppp0 | grep "inet addr:" | sed -e "s/.*inet addr://;s/[[:space:]].*//;")
fi

# $1 option
# $PPPIP thisip
case "$1" in
    start)
        for SIP in $SNATIPS ; do
            iptables -t nat -I POSTROUTING -p tcp -s $SIP -d \! 192.168.0.0/16 -j SNAT --to-source $PPPIP
            iptables -t nat -I POSTROUTING -p udp -s $SIP -d \! 192.168.0.0/16 -j SNAT --to-source $PPPIP
        done
        iptables -t nat -I PREROUTING -p tcp -d $PPPIP --dport 22 -j DNAT --to-destination $LOCNET.10:22
        ;;
    stop)
        for SIP in $SNATIPS ; do
            iptables -t nat -D POSTROUTING -p tcp -s $SIP -d \! 192.168.0.0/16 -j SNAT --to-source $PPPIP
            iptables -t nat -D POSTROUTING -p udp -s $SIP -d \! 192.168.0.0/16 -j SNAT --to-source $PPPIP
        done
        iptables -t nat -D PREROUTING -p tcp -d $PPPIP --dport 22 -j DNAT --to-destination $LOCNET.10:22
        ;;
esac
------------------

Regards,

// Ola

On Sat, Oct 22, 2005 at 09:46:46PM +0200, Guenther Fuchs wrote:
> Hi there,
> 
> have a bit of a problem here with setting up the proper routing for a
> special environment / requirement:
> 
> I've here a dual-homed system which mainly should only be available to
> an internal net. Base host therefore has no external IP (and shall
> not), all requests to external shall be routed through an (extra) NAT
> gateway.
> 
> So far no problem, setting up all hosts only on eth1 and having a
> default gw on the base for this eth1 default route works fine.
> 
> Now the prob: There should be set up _one_ host with also internal
> _and_ external IP (on eth0) which should externally use a different gw
> and also which should not change anything on the base setup. But if I
> activate _any_ external IP on eth0 the (previous) default route for
> eth1 is no longer used but guests (only having eth1 activated!) try to
> connect direct through this eth0 ip which they naturally can't use so
> traffic stops completely 8-(
> 
> Any ideas/hints?
> 
> -- 
> regards,
> 
> Guenther Fuchs
> 
> _______________________________________________
> Vserver mailing list
> [email protected]
> http://list.linux-vserver.org/mailman/listinfo/vserver
> 

-- 
 --------------------- Ola Lundqvist ---------------------------
/  [EMAIL PROTECTED]                     Annebergsslingan 37      \
|  [EMAIL PROTECTED]                 654 65 KARLSTAD          |
|  +46 (0)54-10 14 30                  +46 (0)70-332 1551       |
|  http://www.opal.dhs.org             UIN/icq: 4912500         |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36  4FE4 18A1 B1CF 0FE5 3DD9 /
 ---------------------------------------------------------------
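
A dry-run variant of the SNAT loop in the script above, added here as an example and not part of the original post: it validates the public address and every source address before printing the rules, so an empty ppp0 address cannot produce a rule with a bare --to-source. The function names valid_ipv4 and snat_rules and the address 203.0.113.5 are assumptions made for this example.

```shell
#!/bin/sh
# Dry run: print the SNAT rules instead of applying them (added example).

# Return 0 if $1 is a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots into positional parameters
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# snat_rules ACTION PUBLIC_IP SRC_IP...
# ACTION is start (-I) or stop (-D), matching the case branches of the script.
snat_rules() {
    case "$1" in
        start) op=-I ;;
        stop)  op=-D ;;
        *) echo "usage: snat_rules start|stop PUBLIC_IP SRC_IP..." >&2; return 2 ;;
    esac
    pub=$2
    # An empty PUBLIC_IP (ppp0 down) would leave --to-source without a value.
    if ! valid_ipv4 "$pub"; then
        echo "refusing: '$pub' is not a usable public IPv4 address" >&2
        return 1
    fi
    shift 2
    for src in "$@"; do
        if ! valid_ipv4 "$src"; then
            echo "skipping invalid source '$src'" >&2
            continue
        fi
        for proto in tcp udp; do
            echo "iptables -t nat $op POSTROUTING -p $proto -s $src -d ! 192.168.0.0/16 -j SNAT --to-source $pub"
        done
    done
}

# Constructed sample values: 203.0.113.5 stands in for the ppp0 address.
snat_rules start 203.0.113.5 192.168.0.10 garbage 192.168.0.200
snat_rules start "" 192.168.0.10 || echo "no rules emitted without a public IP" >&2
```

Because start and stop come from the same function, the delete rules always match the inserted ones.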