Traffic through subinterfaces

Post by ppog.. » Tue, 11 Dec 2007 19:35:29



Hello
I have one physical interface eth0 with subinterfaces. All addresses of
the interfaces are from the same network. I have a service that listens on
one of the subinterfaces, eth0:2, with IP 192.168.0.10, and everything is OK,
but the outgoing traffic from this service is via the eth0 IP address
192.168.0.1. I want this service to use the eth0:2 IP address instead of
the eth0 IP address. Is it possible to achieve this without using iptables?

Best regards

 
 
 

Traffic through subinterfaces

Post by Pascal Hambour » Tue, 11 Dec 2007 19:53:59


Hello,


> I have one physical interface eth0 with subinterfaces. All addresses of
> the interfaces are from the same network. I have a service that listens on
> one of the subinterfaces, eth0:2, with IP 192.168.0.10, and everything is OK,
> but the outgoing traffic from this service is via the eth0 IP address
> 192.168.0.1.

Note: these are not subinterfaces but "IP aliases", i.e. multiple IP
addresses on a single interface.

> I want this service to use the eth0:2 IP address instead of
> the eth0 IP address. Is it possible to achieve this without using iptables?

This may be possible through a configuration option of that service.

Otherwise, it may be possible to define that specific address as the
"primary" address on the interface, but this will be a system-wide
setting. If the outgoing communications are destined only to well-known
addresses, it may be possible to set specific routes to these
destinations using a specific default source address. But again, this is
a system-wide setting.

 
 
 

Traffic through subinterfaces

Post by David Schwart » Fri, 14 Dec 2007 09:56:54



> I have one physical interface eth0 with subinterfaces. All addresses of
> the interfaces are from the same network. I have a service that listens on
> one of the subinterfaces, eth0:2, with IP 192.168.0.10, and everything is OK,
> but the outgoing traffic from this service is via the eth0 IP address
> 192.168.0.1. I want this service to use the eth0:2 IP address instead of
> the eth0 IP address. Is it possible to achieve this without using iptables?

What do you mean by "listen on"? What does it mean to listen on an
interface?

What do you mean by "use eth0:2 ip address"? Use it for what?

As the source address for outbound packets? Are we talking TCP or UDP?
Are connections initiated by this machine or the other end?

It's very hard to tell what you're talking about.

DS

 
 
 

Traffic through subinterfaces

Post by Andrew Gideo » Sat, 15 Dec 2007 01:03:59



> As the source address for outbound packets? Are we talking TCP or UDP?

Given that the service in question is listening on the address(es) of
eth0:2 but responses have a source IP belonging to eth0 (which is how I
interpreted the original question, admittedly), aren't we necessarily
speaking of UDP?  I wouldn't think it possible to have this scenario with
TCP.

Am I wrong about that?

If one isn't speaking of responses, then it is possible of course.  I had a
similar situation where an SMTP server was getting connections on one IP
but initiated connections on another.  Using ClientPortOptions fixed this.

Bind has "query source" for the same purpose.

        - Andrew
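The UDP case Andrew describes, reproduced on loopback as an added example (not code from any poster in this thread): 127.0.0.2 stands in for the eth0:2 alias address and 127.0.0.1 for the primary eth0 address. It assumes Linux, where all of 127.0.0.0/8 is routed to lo, so no alias has to be configured. A server bound to the wildcard address replies from the primary address, which is the symptom in the original post; binding the server socket to the alias address is the service-side fix.

```python
"""Reproduce the source-address symptom from the thread on loopback.

Added example, not from the original thread. 127.0.0.2 is the stand-in
for the eth0:2 alias (Linux routes all of 127.0.0.0/8 to lo) and
127.0.0.1 is the stand-in for the primary eth0 address.
"""
import socket
import threading

PRIMARY = "127.0.0.1"   # stands in for eth0's 192.168.0.1
ALIAS = "127.0.0.2"     # stands in for eth0:2's 192.168.0.10


def _udp_echo_once(server: socket.socket) -> None:
    # Reply to one datagram. The kernel chooses the reply's source address
    # by route lookup unless the socket was bound to a specific local address.
    data, peer = server.recvfrom(512)
    server.sendto(data, peer)


def observed_reply_source(bind_addr: str) -> str:
    """Bind a UDP server to bind_addr, send it a datagram addressed to ALIAS
    from PRIMARY, and return the source address the client sees on the reply."""
    server = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    server.settimeout(2)
    server.bind((bind_addr, 0))          # port 0: the kernel picks a free port
    port = server.getsockname()[1]
    worker = threading.Thread(target=_udp_echo_once, args=(server,))
    worker.start()

    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    client.settimeout(2)
    client.bind((PRIMARY, 0))
    try:
        client.sendto(b"ping", (ALIAS, port))   # addressed to the alias
        _, (src, _) = client.recvfrom(512)      # src: where the reply came from
    finally:
        worker.join()
        client.close()
        server.close()
    return src


if __name__ == "__main__":
    print("bound to 0.0.0.0 -> reply from", observed_reply_source("0.0.0.0"))
    print("bound to alias   -> reply from", observed_reply_source(ALIAS))
```

A daemon that must keep listening on every address and still answer from the address the request arrived on needs IP_PKTINFO (recvmsg to learn the destination, sendmsg to set the source), which is what "query source"-style options implement internally.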

 
 
 

FreeS/Wan & iptables -- fwd Web traffic thru tunnel

Hi,

I'm trying to pass Web traffic through the tunnel from a machine with public
addresses to a machine without.  I think I need a technique to do SNAT and
DNAT at the same time.  My setup follows (pardon my ascii art):

      target web server: 192.168.1.3
                   |
      right subnet: 192.168.1.0/24
                   |
                   |192.168.1.2
                 --+-- right freeswan gate
                   |DHCP'd address: 2.2.2.2
          Internet |
                   |Public DNS addrs: 1.1.1.1-2
                 --+-- left freeswan gate
                   |192.168.13.96
                   |
     left subnet: 192.168.13.0/24

The tunnel works fine for through traffic, ping, etc. with the following
snippet from ipsec.conf:
right=%any
rightsubnet=192.168.1.0/24
left=1.1.1.1
leftsubnet=192.168.13.0/24

When I map the web request from 3.3.3.3->1.1.1.2 to the tunnel, it picks up
the PREROUTING DNAT to 192.168.1.3, but not the POSTROUTING SNAT to
192.168.13.96.  The following are the NAT lines in my iptables setup script
(the FORWARD lines allow the routing):
# DNAT for internal server access
iptables -t nat -A PREROUTING -p tcp --dport 80 -i eth0 -d 1.1.1.2 \
 -j LOG --log-prefix "TxPreRoute"
iptables -t nat -A PREROUTING -p tcp --dport 80 -i eth0 -d 1.1.1.2 \
 -j DNAT --to 192.168.1.3:80
# SNAT for the internal server access via the tunnel
iptables -t nat -A POSTROUTING -p tcp -d 192.168.1.3 --dport 80 \
 -o ipsec -j LOG --log-prefix "TxPostRoute"
iptables -t nat -A POSTROUTING -p tcp -d 192.168.1.0/24 -o ipsec \
 -j SNAT --to 192.168.13.96

I get the "TxPreRoute", but never get the "TxPostRoute" message in syslog.
The message gets into the tunnel, but klipsdebug=all gives me a "who the
hell is 3.3.3.3" message and drops the traffic (as it should)!

Anybody know of an iptables target that can do both? Am I missing something?
Is there a way to setup Apache so I can broker the transaction twice on the
left gate?  Any ideas?? TIA.

Regards,
Mark
