I have a rather strange problem with routing on Linux. The host in question
is 2.2.19. It is connected to Frame Relay and ADSL (eth0 and ppp0
interfaces, respectively). The intranet is on eth1, all connections outside
are masqueraded.

What I want to do is to make requests to port 80 go to ADSL and all other
things go to FR. The manual suggests the following setup:

ipchains rule along the lines:
ipchains -A input -p tcp -s 10.0.0.0/8 -d 0.0.0.0/0 80 -i eth1 -m 1

10.0.0.0/8 and eth1 being the intranet addresses and interface, and then
iproute setup:

ip ru add fwmark 1 lookup adsl
ip ro add default via PPP-host dev ppp0 table adsl

The problem is that the setup doesn't work, and in a very weird way. The
packet from inside gets out through ppp0, as intended, gets MASQed, is
sent out, the response from the host comes in, goes through the input
firewall chain, is accepted - and _disappears_. It does not come to the
output chain. Somehow it seems that the packet is not demasqueraded, though
the entry in the masquerade table for this port/host exists.
If I set up the unconditional route (i.e., not via the iproute2 table
rules, but as host route or default route) - everything works OK. Packets
travel through the firewall and masquerading without any problem. The
tcpdump and firewall report look exactly the same as in the above case -
but this time the return packet gets demasqueraded successfully and gets
output to the intranet interface. If I switch back to the conditional rule -
return packets are disappearing again.

Does anyone have any idea what might be the problem here? Does anyone have
any experience with such setups ("web connections go through one
interface, all other connections go through another") - maybe I just went
the wrong way?

TIA,
-- 
[EMAIL PROTECTED]      \/  There shall be counsels taken
Stanislav Malyshev      /\  Stronger than Morgul-spells
phone +972-50-624945    /\              JRRT LotR.
whois:!SM8333

