[LARTC] 2 providers & DNAT: incoming packets not forwarded

Razvan Stranschi razvan@arvo.ro
Fri, 20 Feb 2004 09:29:35 +0200


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
  <meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
  <title></title>
</head>
<body bgcolor="#cccccc" text="#000000">
If you have the default policy in the FORWARD chain set to DROP, you must
permit those packets to pass.<br>
<pre class="moz-signature" cols="90">Razvan Stranschi
<a class="moz-txt-link-abbreviated" href="mailto:razvan@arvo.ro">razvan@arvo.ro</a>
</pre>
<br>
<br>
Raphael Benedet wrote:
<blockquote cite="mid4034CBF2.50104@raph.com" type="cite">Hi,
  <br>
  <br>
I have a problem with incoming connections on my Linux gateway.
  <br>
I have 2 providers, cable modem on eth1 and dsl on eth2 &lt;-&gt; ppp0
(pppoe). The lan network is connected to eth0. At the moment, I have a
very simple configuration where the default route is via eth1 (cable
modem). I set up DNAT on ppp0 to forward incoming traffic for certain
ports to a computer behind the gateway/firewall:
  <br>
iptables -t nat -A PREROUTING -i ppp0 -p tcp -m tcp --dport 2000 -j DNAT --to-destination 172.16.1.4
  <br>
Packets get lost and never reach the FORWARD chain (I logged all
packets to be sure).
  <br>
  <br>
Here are my routes:
  <br>
  <br>
# ip route ls
  <br>
215.136.169.1 dev ppp0&nbsp; proto kernel&nbsp; scope link&nbsp; src 215.136.169.15
  <br>
135.165.199.128/25 dev eth1&nbsp; proto kernel&nbsp; scope link&nbsp; src
135.165.199.139
  <br>
172.16.0.0/16 dev eth0&nbsp; proto kernel&nbsp; scope link&nbsp; src 172.16.1.1
  <br>
default via 135.165.199.129 dev eth1
  <br>
  <br>
So, I understand traffic by default goes via eth1, but why don't
incoming packets redirected (DNATed) to an intranet IP address go out
via eth0?
  <br>
If I change my default route in table main to go via ppp0, then, it
works. And DNATing on eth1 works with the current configuration.
  <br>
  <br>
I don't have any other routing tables nor complex routing rules:
  <br>
# ip rule ls
  <br>
0:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; from all lookup local
  <br>
32766:&nbsp; from all lookup main
  <br>
32767:&nbsp; from all lookup default
  <br>
  <br>
I am running kernel 2.4.23 with Julian's patches.
  <br>
  <br>
Any help would be greatly appreciated. Thank you.
  <br>
  <br>
Raph
  <br>
  <br>
  <br>
</blockquote>
</body>
</html>