Post by Stoon » Wed, 16 Oct 2002 13:39:48


I am having a little problem with IP MASQ and IPROUTE2.
I am using RedHat 7.3 with IPTABLES.

I have a linux gateway server with 3 NICs.
The environment is as follows:

Local Network             +--------------+ eth1 (218.x.x.20)  --> ISP1
(192.168.0.x) ------ eth0 | Linux Server |
                          +--------------+ eth2 (211.x.x.155) --> ISP2

eth1 and eth2 are the links to the Internet. I have 2 Internet providers,
and I would like to use eth2 as the default route to the Internet from the
local network (192.168.0.x) and eth1 for the servers (DNS, mail, web) that
people on the external Internet need to access. The reason behind that is
that provider ISP2 is not allowing me to run servers on that link, so I had
to set up another link for

IP masquerading is used and IP forwarding is turned on.

echo 1 > /proc/sys/net/ipv4/ip_forward

/sbin/ip route add 211.x.x.128 dev eth2 src 211.x.x.155 table SI
/sbin/ip route add default via 211.x.x.129 table SI
/sbin/ip route add 218.x.x.0 dev eth1 src 218.x.x.20 table KT
/sbin/ip route add default via 218.x.x.1 table KT

/sbin/ip route add 211.x.x.128 dev eth2 src 211.x.x.155
/sbin/ip route add 218.x.x.0 dev eth1 src 218.x.x.20

/sbin/ip route add default via 211.x.x.129

/sbin/ip rule add from 211.x.x.155 table SI
/sbin/ip rule add from 218.x.x.20 table KT

/sbin/iptables -t nat -A POSTROUTING -s -j MASQUERADE
/sbin/iptables -P FORWARD ACCEPT
/sbin/iptables -P INPUT ACCEPT
/sbin/iptables -P OUTPUT ACCEPT

211.x.x.128 dev eth2  scope link  src 211.x.x.155
218.x.x.0 dev eth1  scope link  src 218.x.x.20
211.x.x.128/25 dev eth2  scope link dev eth0  scope link
218.x.x.0/24 dev eth1  scope link dev lo  scope link
default via 211.x.x.129 dev eth2

It works fine (192.168.0.x can access the Internet by masquerading via eth2,
and the external Internet can access eth1 and eth2).
But the problem is that the hosts in the local network (192.168.0.x) cannot
access 211.x.x.155 (eth2) and 218.x.x.20 (eth1), even though IP forwarding is
turned on. It can only ping and access

Could someone please suggest a solution?

Thanks in advance.
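
An added illustration, not part of Stoon's post: a small Python model of the policy-routing lookup that the `ip rule` / `ip route` commands above configure, showing which table and device the gateway picks when it replies to a LAN host from one of its external addresses. The 203.0.113.x and 198.51.100.x addresses, the LAN host 192.168.0.5, eth0's 192.168.0.1 and the eth0 route in table main are constructed stand-ins for the masked or missing values, and copying the LAN route into tables SI and KT is an assumed fix, not something stated in the thread.

```python
import ipaddress

# Constructed stand-ins for the post's masked addresses (documentation ranges):
# 203.0.113.155 ~ eth2 (211.x.x.155), 198.51.100.20 ~ eth1 (218.x.x.20).
LAN = "192.168.0.0/24"

def tables(with_lan_route):
    """Routing tables as (prefix, device, gateway) entries, mirroring the post."""
    t = {
        "SI": [("203.0.113.128/25", "eth2", None),
               ("0.0.0.0/0", "eth2", "203.0.113.129")],
        "KT": [("198.51.100.0/24", "eth1", None),
               ("0.0.0.0/0", "eth1", "198.51.100.1")],
        "main": [("203.0.113.128/25", "eth2", None),
                 ("198.51.100.0/24", "eth1", None),
                 (LAN, "eth0", None),  # assumed: connected LAN route on eth0
                 ("0.0.0.0/0", "eth2", "203.0.113.129")],
    }
    if with_lan_route:  # assumed fix: copy the LAN route into each provider table
        for name in ("SI", "KT"):
            t[name].insert(0, (LAN, "eth0", None))
    return t

# "ip rule add from <addr> table <T>" entries, consulted before table main.
RULES = [("198.51.100.20/32", "KT"), ("203.0.113.155/32", "SI"),
         ("0.0.0.0/0", "main")]

def lookup(src, dst, with_lan_route=False):
    """Return (table, device, gateway) chosen for a locally generated packet."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    tbls = tables(with_lan_route)
    for selector, name in RULES:
        if src not in ipaddress.ip_network(selector):
            continue  # rule does not match this source address
        matches = [r for r in tbls[name] if dst in ipaddress.ip_network(r[0])]
        if matches:  # longest prefix wins inside one table
            best = max(matches,
                       key=lambda r: ipaddress.ip_network(r[0]).prefixlen)
            return name, best[1], best[2]
    return None

if __name__ == "__main__":
    client = "192.168.0.5"  # constructed LAN host
    for src in ("192.168.0.1", "203.0.113.155", "198.51.100.20"):
        print(src, "->", client, lookup(src, client),
              "| with LAN route:", lookup(src, client, with_lan_route=True))
```

In this model a reply sourced from an external address matches its `from` rule first and, finding no 192.168.0.x route in that table, follows the table's default route out to the ISP instead of back through eth0. On the gateway itself, `ip route get <LAN host> from 211.x.x.155` shows the route the kernel actually selects.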


1. IP Masq'd Workstation to connect to IP Masq'd Workstation

I have set up my Linux box with IPMasq. Everything runs fine from my Win box
behind the proxy. Now I just encountered a problem. I have tried to connect
to an FTP server that is behind a NAT server, which are both on Win boxes.

+-------------+     +-----------+                +-----------+     +--------+
| Win         |-----| IP Masq   |--- Internet ---| NAT       |-----| FTP    |
| workstation |     | Linux     |                | Sygate    |     | server |
|             |     | Proxy     |                | Win box   |     |        |
+-------------+     +-----------+                +-----------+     +--------+

I can't seem to connect to the FTP even when the FTP Client is set to
passive mode. Does anyone know whether there is anything I can do on my side
of the connection such as reconfiguring my Linux Box to fwd properly?
