[LARTC] ip route nat. NEED help.
Peter Volkov Alexandrovich
torre_cremata@mail.ru
Tue, 9 Nov 2004 13:09:13 +0300
Hello.
I need your help. The problem is I cannot make route nat work with kernel
2.6, although in 2.4 everything works perfectly. I am forced to have a 2.6
kernel as I need SATA.
If this is the wrong list to ask a question about this, please poke me in the
right one.
So. I have a router with two network cards: eth0 (192.168.1.10) and eth1
(192.168.2.150). Kernel is 2.6.8.1. In the kernel all options and suboptions
concerning "IP: advanced router" are enabled. I want to map a computer in the
192.168.2.0/24 subnet with IP 192.168.2.5 on 192.168.1.17 in the
192.168.1.0/24 subnet.
I am not an artist but maybe this graph can illustrate my situation:
              192.168.1.0/24<..... nat  ....>192.168.2.0/24
<192.168.1.1>-----<192.168.1.10>router<192.168.2.150>-----<192.168.2.5>
                        eth0               eth1            host i want
                  <192.168.1.17>----------nat------------>    to map
                  dummy address
So following ip-cref written by Alexey Kuznetsov, first of all I issue the
command:
nat router # ip route add nat 192.168.1.17 via 192.168.2.5
Now my router answers ARP for 192.168.1.17 and receives the packets for it.
Then it even routes them from eth0 to eth1 BUT it does not nat the destination
ip address. Look what one can see using tcpdump! I ping 172.16.1.17 from
192.168.1.1:
nat router # tcpdump -ni eth0
05:49:19.085838 arp who-has 192.168.1.17 tell 192.168.1.1
05:49:19.086938 arp reply 192.168.1.17 is-at 00:0c:29:od:85:04
05:49:19.692799 IP 192.168.1.1 > 192.168.1.17: icmp 64: echo request seq 1
At the same time on eth1:
nat router # tcpdump -ni eth0
05:49:19.692837 IP 192.168.1.1 > 192.168.1.17: icmp 64: echo request seq 1
My route table is OK.
nat router # ip route
192.168.2.0/24 dev eth1 proto kernel scope link src 192.168.2.250
192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.10
127.0.0.0/8 via 127.0.0.1 dev lo scope link
So why is the packet that should be DNATed not translated, and how could a
packet that should be sent to eth0 be sent to eth1?
Is there any other possibility to nat 192.168.2.5 on 192.168.1.17?
The last question: what is with "IP: fast network address translation" in the
2.6.9 kernel? Why is it absent?
Thank you in advance,
_____________
Peter.
P.S. I need your help to find a solution. Otherwise there is a possibility
that my employer can dismiss me.
P.P.S. Below is also my letter with the same problem. No one answered it. :(
On Tuesday 26 October 2004 20:49, Петр Волков wrote:
> All worked with 2.4 kernel, but when I have to move to 2.6.8.1 it's not.
>
> I'm using "ip route nat 231.222.222.111 via 172.16.1.13" to substitute inet
> address 231.222.222.111 on 172.16.1.13 during routing. Look at the output:
> _____________
> myhost log # ip route list table local
> broadcast 127.255.255.255 dev lo  proto kernel  scope link  src 127.0.0.1
> local 172.16.0.1 dev eth1  proto kernel  scope host  src 172.16.0.1
> broadcast 172.16.0.0 dev eth1  proto kernel  scope link  src 172.16.0.1
> broadcast 231.222.222.111 dev eth0  proto kernel  scope link  src 231.222.222.111
> broadcast 231.222.222.111 dev eth0  proto kernel  scope link  src 231.222.222.111
> local 231.222.222.111 dev eth0  proto kernel  scope host  src 231.222.222.111
> broadcast 172.16.255.255 dev eth1  proto kernel  scope link  src 172.16.0.1
> broadcast 127.0.0.0 dev lo  proto kernel  scope link  src 127.0.0.1
> nat 231.222.222.111 via 172.16.1.13  scope host
> local 127.0.0.1 dev lo  proto kernel  scope host  src 127.0.0.1
> local 127.0.0.0/8 dev lo  proto kernel  scope host  src 127.0.0.1
>
> myhost log # ip rule
> 0:      from all lookup local
> 323:    from 172.16.1.13 lookup main map-to 231.222.222.111
> 32766:  from all lookup main
> 32767:  from all lookup default
> _______________________
>
> So I'm trying to translate local address 172.16.1.13 on 231.222.222.111.
>
> And that was working under 2.4 kernel. But now I have to move to 2.6 kernel
> and now it's not working.
>
> I've used these commands:
> ip route add nat 231.222.222.111 via 172.16.1.13
> ip rule add prio 323 from 172.16.1.13 nat 231.222.222.111
>
> !!! To be sure that it is a kernel problem I've added these two rules in my
> FORWARD chain in the very beginning:
> iptables -I FORWARD -s 172.16.1.13 -j LOG
> iptables -I FORWARD -d 231.222.222.111 -j LOG
>
> Look, I have packets that should not be there:
> Oct 27 00:30:04 rcline IN=eth1 OUT=eth0 SRC=172.16.1.13 DST=64.12.161.185 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=43039 DF PROTO=TCP SPT=1923 DPT=5190 WINDOW=65535 RES=0x00 SYN URGP=0
> Oct 27 00:30:04 rcline IN=eth0 OUT=eth1 SRC=83.102.131.142 DST=231.222.222.111 LEN=84 TOS=0x00 PREC=0x00 TTL=59 ID=2990 DF PROTO=ICMP TYPE=8 CODE=0 ID=22310 SEQ=2991
>
> No substitution of neither destination, nor source addresses!!!
>
> Please help me to make this work. I've tried the 2.6.9 kernel, but it seems
> there is no "IP: fast network address translation". Why? Is the feature
> already deprecated?
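
The check the quoted message does by eye on its FORWARD-chain LOG output can be scripted. This is an added example, not part of the original post: it parses netfilter LOG lines and flags packets that still carry the untranslated side of the 231.222.222.111 <-> 172.16.1.13 mapping. It assumes, as the post does, that FORWARD should already see translated addresses; the function names and the third sample line are constructed for illustration.

```python
import re

# Mapping taken from the post: ip route add nat 231.222.222.111 via 172.16.1.13
OUTER, INNER = "231.222.222.111", "172.16.1.13"

# The two LOG lines from the post (quoted-printable decoded), plus one
# constructed line showing what a translated inbound packet would look like.
SAMPLE_LOG = """\
Oct 27 00:30:04 rcline IN=eth1 OUT=eth0 SRC=172.16.1.13 DST=64.12.161.185 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=43039 DF PROTO=TCP SPT=1923 DPT=5190 WINDOW=65535 RES=0x00 SYN URGP=0
Oct 27 00:30:04 rcline IN=eth0 OUT=eth1 SRC=83.102.131.142 DST=231.222.222.111 LEN=84 TOS=0x00 PREC=0x00 TTL=59 ID=2990 DF PROTO=ICMP TYPE=8 CODE=0 ID=22310 SEQ=2991
Oct 27 00:30:05 rcline IN=eth0 OUT=eth1 SRC=83.102.131.142 DST=172.16.1.13 LEN=84 TOS=0x00 PREC=0x00 TTL=59 ID=2991 DF PROTO=ICMP TYPE=8 CODE=0 ID=22310 SEQ=2992
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")


def parse_log_line(line):
    """Split a netfilter LOG line into KEY=VALUE fields.

    The first occurrence of a key wins: ICMP lines carry ID= twice
    (IP header id first, then the ICMP echo id)."""
    fields = {}
    for key, value in FIELD.findall(line):
        fields.setdefault(key, value)
    return fields


def check_line(line, outer=OUTER, inner=INNER):
    """Return a finding name if the packet still carries an untranslated address."""
    f = parse_log_line(line)
    if f.get("SRC") == inner:
        return "src-untranslated"  # outbound: post expects SRC rewritten to outer
    if f.get("DST") == outer:
        return "dst-untranslated"  # inbound: post expects DST rewritten to inner
    return None


def audit(log_text, outer=OUTER, inner=INNER):
    """Return [(line_number, finding, SRC, DST)] for every untranslated packet."""
    findings = []
    for number, line in enumerate(log_text.splitlines(), 1):
        finding = check_line(line, outer, inner)
        if finding:
            f = parse_log_line(line)
            findings.append((number, finding, f["SRC"], f["DST"]))
    return findings


if __name__ == "__main__":
    for row in audit(SAMPLE_LOG):
        print(row)
```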