[LARTC] 2 providers & DNAT: incoming packets not forwarded
Raphael Benedet
raph@raph.com
Thu, 19 Feb 2004 15:45:06 +0100
Hi,
I have a problem with incoming connections on my Linux gateway.
I have 2 providers, cable modem on eth1 and DSL on eth2 <-> ppp0
(PPPoE). The LAN is connected to eth0. At the moment, I have a
very simple configuration where the default route is via eth1 (cable
modem). I set up DNAT on ppp0 to forward incoming traffic for certain
ports to a computer behind the gateway/firewall:
iptables -t nat -A PREROUTING -i ppp0 -p tcp -m tcp --dport 2000 \
  -j DNAT --to-destination 172.16.1.4
Packets get lost and never reach the FORWARD chain (I logged all packets
to be sure).
Here are my routes:
# ip route ls
215.136.169.1 dev ppp0 proto kernel scope link src 215.136.169.15
135.165.199.128/25 dev eth1 proto kernel scope link src 135.165.199.139
172.16.0.0/16 dev eth0 proto kernel scope link src 172.16.1.1
default via 135.165.199.129 dev eth1
So, I understand traffic by default goes via eth1, but why don't
incoming packets redirected (DNATed) to an intranet IP address go out
via eth0?
If I change my default route in table main to go via ppp0, then it
works. And DNATing on eth1 works with the current configuration.
I don't have any other routing tables nor complex routing rules:
# ip rule ls
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
I am running kernel 2.4.23 with Julian's patches.
Any help would be greatly appreciated. Thank you.
Raph
--
Raphael Benedet
3D Artists - raph.com
"bringing art into the third dimension"
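The following is an added example, not part of Raphael's post or any reply to it. It parses the `ip route ls` output quoted above and performs a longest-prefix lookup over it, the same selection the kernel makes in table main, so a reader can see two things for one DNATed packet: which interface the forward lookup for 172.16.1.4 picks, and which interface a lookup on the packet's Internet source address picks, compared with the interface the packet arrived on (the comparison a reverse-path filter makes). The source address 198.51.100.7 is a constructed sample from a documentation range; `forward_path` and `lookup` are names chosen for this example.

```python
import ipaddress

# Routing table copied from the post's `ip route ls` output
# (constructed sample text for this example; same entries as the post).
ROUTE_TABLE = """\
215.136.169.1 dev ppp0 proto kernel scope link src 215.136.169.15
135.165.199.128/25 dev eth1 proto kernel scope link src 135.165.199.139
172.16.0.0/16 dev eth0 proto kernel scope link src 172.16.1.1
default via 135.165.199.129 dev eth1
"""


def parse_routes(text):
    """Parse `ip route ls` lines into (network, dev, via) tuples."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        prefix = fields[0]
        if prefix == "default":
            network = ipaddress.ip_network("0.0.0.0/0")
        else:
            # A bare host address such as 215.136.169.1 becomes a /32.
            network = ipaddress.ip_network(prefix, strict=False)
        dev = fields[fields.index("dev") + 1]
        via = fields[fields.index("via") + 1] if "via" in fields else None
        routes.append((network, dev, via))
    return routes


def lookup(routes, dst):
    """Longest-prefix match over the parsed table, like a FIB lookup."""
    addr = ipaddress.ip_address(dst)
    best = None
    for network, dev, via in routes:
        if addr in network and (best is None or network.prefixlen > best[0].prefixlen):
            best = (network, dev, via)
    return best


def forward_path(routes, ingress_dev, src, dst):
    """Describe one forwarded packet: the egress interface chosen for its
    destination, and whether its source address routes back out the
    interface it arrived on (the check strict reverse-path filtering does)."""
    fwd = lookup(routes, dst)
    rev = lookup(routes, src)
    return {
        "egress_dev": fwd[1],
        "egress_via": fwd[2],
        "reverse_dev": rev[1],
        "reverse_path_symmetric": rev[1] == ingress_dev,
    }


if __name__ == "__main__":
    routes = parse_routes(ROUTE_TABLE)
    # The DNATed packet from the post: arrives on ppp0, rewritten to 172.16.1.4.
    print("via ppp0:", forward_path(routes, "ppp0", "198.51.100.7", "172.16.1.4"))
    # The same packet arriving on the cable-modem side, where DNAT works.
    print("via eth1:", forward_path(routes, "eth1", "198.51.100.7", "172.16.1.4"))
```

Run against the post's table, the forward lookup for 172.16.1.4 selects eth0 in both cases, so the destination side of the routing is not where the two interfaces differ. The source-address lookup, however, lands on the default route via eth1 for any Internet address: for a packet arriving on eth1 the two agree, while for a packet arriving on ppp0 they do not. With `rp_filter` enabled on the ingress interface, that mismatch drops the packet in routing, before the FORWARD chain is reached; the post does not say whether it is enabled, so this is a check to run rather than a diagnosis.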