Tom Eastep <teastep <at> shorewall.net> writes:
>
> If it were not having any effect, the SOURCE IP would be 10.75.22.101,
> right?

Ahhh. Yes, of course, you are right. So some SNAT/Masq is happening, just for the wrong outgoing interface.

> It's not clear to me what's happening from what you have written.

Sorry. It really is simply a case of using a route_rules entry to force traffic from a given IP (10.75.22.101) out through what is normally not the "default"/preferred interface (which is provider CGCO), which is working. But that the source address of what is normally the preferred/default interface (CGCO's 7.1.7.2) is being masqued to the packets instead of the source address of the interface (IGS) being forced by the route_rules entry.

What I don't understand is why, given the following nat table rules:

Chain POSTROUTING (policy ACCEPT 782 packets, 47801 bytes)
 pkts bytes target       prot opt in  out     source     destination
    1  1400 ppp0_masq    all  --  *   ppp0    0.0.0.0/0  0.0.0.0/0
 2581  201K eth0.1_masq  all  --  *   eth0.1  0.0.0.0/0  0.0.0.0/0

Chain ppp0_masq (1 references)
 pkts bytes target       prot opt in  out     source     destination
    1  1400 SNAT         all  --  *   *       !6.1.3.4   0.0.0.0/0    to:6.1.3.4

Chain eth0.1_masq (1 references)
 pkts bytes target       prot opt in  out     source     destination
 5344  414K MASQUERADE   all  --  *   *       0.0.0.0/0  0.0.0.0/0

is the eth0.1 masqing being applied to packets which are routed to the IGS (on ppp0) provider with the route rule:

1002: from 10.75.22.101 lookup IGS

and associated routing table:

Table IGS:

10.8.0.2 dev tun0 proto kernel scope link src 10.8.0.1
192.168.200.1 dev ppp0 scope link src 66.11.173.224
10.10.0.0/24 via 10.75.22.1 dev br-lan proto zebra metric 20 equalize
10.8.0.0/24 via 10.8.0.2 dev tun0
192.168.0.0/24 via 10.75.22.5 dev br-lan proto zebra metric 20 equalize
10.75.22.0/24 dev br-lan proto kernel scope link src 10.75.22.254
10.75.23.0/24 via 10.8.0.2 dev tun0
192.168.122.0/24 via 10.75.22.151 dev br-lan proto zebra metric 20 equalize
169.254.0.0/16 via 10.75.22.5 dev br-lan proto zebra metric 20 equalize
default via 192.168.200.1 dev ppp0 src 6.1.3.4

Doesn't the above set the outgoing interface to ppp0 before POSTROUTING is applied in the iptables "nat" table?