[LARTC] Route away packets addressed to the machine itself w/iproute and Netfilter

Gerardo Arceri elfarto@elfarto.com.ar
Fri Feb 18 21:16:48 CET 2005 

This is a multi-part message in MIME format.
--------------050701030605050207020101
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

I have a box with only 1 IP (lets say 10.0.0.1) which has an ipip tunnel 
to another machine (lets say 10.2.0.1)(different networks)  i wan't all 
packets coming to 10.0.0.1 destination port 80 be routed thru the tunnel 
device and be answered by 10.2.0.2 (which has an interface configured  
with 10.0.0.1).
It works if the incoming ip address is not configured on the receiving 
machine (but is configured to be arpproxied) but not with the "main" ip 
address.
This is what i did to test
on 10.0.0.1
ifconfig
eth0: main interface
tunnel2: ipip tunnel interface to 10.2.0.2

/etc/iproute/rt_tables
added:
100   myroute


iptables -A PREROUTING -t mangle -d 10.0.0.1 -p tcp --dport 80 -j MARK 
--set-mark 99
ip route add table test dev tunnel2
ip rule add fwmark 99 table test


in 10.0.0.2
ifconfig eth0:101 10.0.0.1 netmask 255.255.255.255

What i'm doing wrong ?
Thanks!
 

--------------050701030605050207020101
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
  <meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
<font size="-1"><font face="Trebuchet MS">I have a box with only 1 IP
(lets say 10.0.0.1) which has an ipip tunnel to another machine (lets
say 10.2.0.1)(different networks)&nbsp; i wan't all packets coming to
10.0.0.1 destination port 80 be routed thru the tunnel device and be
answered by 10.2.0.2 (which has an interface configured&nbsp; with 10.0.0.1).<br>
It works if the incoming ip address is not configured on the receiving
machine (but is configured to be arpproxied) but not with the "main" ip
address.<br>
This is what i did to test<br>
on 10.0.0.1<br>
ifconfig<br>
eth0: main interface<br>
tunnel2: ipip tunnel interface to 10.2.0.2<br>
<br>
/etc/iproute/rt_tables<br>
added:<br>
100&nbsp;&nbsp; myroute<br>
<br>
<br>
iptables -A PREROUTING -t mangle -d 10.0.0.1 -p tcp --dport 80 -j MARK
--set-mark 99<br>
ip route add table test dev tunnel2<br>
ip rule add fwmark 99 table test<br>
</font></font><br>
<font size="-1"><font face="Trebuchet MS"><br>
in 10.0.0.2<br>
ifconfig eth0:101 10.0.0.1 netmask 255.255.255.255<br>
<br>
What i'm doing wrong ?<br>
Thanks!<br>
&nbsp;<br>
</font></font>
</body>
</html>

--------------050701030605050207020101--

More information about the LARTC mailing list