[LARTC] Ip route cache problem

Ionut Popovici ionut at topall.ro
Wed Oct 12 12:20:16 CEST 2005


>Hello,
>I need some help with a routing problem on a complex configuration.

>The problem is that I can't reach services outside from my DMZ.

>The scenario is a gateway linked to three internet connections, so 
>I used three distinct iproute2 tables for routing. The gw is running 
>ipvs for balancing over the DMZ's servers.

>DMZ servers are on the 192.168.1.0/24 network.

>Every table has the route to reach it:
>192.168.1.0/24 dev eth0  proto kernel  scope link  src 192.168.1.1

>I'm using iptables to NAT a server on my DMZ to reach DNS services outside:
>iptables -t nat -A POSTROUTING -p tcp -s 192.168.1.0/24 -d 151.99.0.100 
>--dport 53 -j SNAT --to-source 81.77.88.99
Have you tried to use DNAT from iptables, because DNAT is in PREROUTING, and if you have a DNS service you need to make the outside service connection connect to your DNS server!

>Looking inside the cache I find only the route to reach the dns server, 
>but not the one that the dns needs to reach my server:
>151.99.0.100 from 192.168.1.2 via 81.77.88.100 dev eth2  src 192.168.1.249
>    cache <src-direct>  mtu 1500 advmss 1460 metric10 64 iif eth0
>
>I experienced in the past that reentering the iptables nat command 
>worked, but it seems a random effect and does not always work.
>
>Thanks in advance,
>Luca Maragnani
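An added example, not from the thread, that sketches the setup Luca describes as a dry-runnable shell script: one routing table per uplink, each carrying the DMZ link route, a source-restricted SNAT for the DNS server, and an `ip route flush cache` after every change so cached entries built under the old rules are dropped. The table ids, the ISP 2/3 interfaces and addresses, and the DRY_RUN switch are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: per-ISP routing tables, a source-
# restricted SNAT for DNS, and a route-cache flush after every change.
# ISP 2/3 interfaces and addresses are placeholders (RFC 5737 ranges).
set -eu

# DRY_RUN=1 prints each command instead of running it (no root needed).
run() { if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi; }

# Fields: table-id  uplink-interface  our-address-on-that-ISP  next-hop
UPLINKS='
101 eth2 81.77.88.99 81.77.88.100
102 eth3 198.51.100.2 198.51.100.1
103 eth4 203.0.113.2 203.0.113.1
'
DMZ_NET=192.168.1.0/24
DMZ_IF=eth0
DMZ_GW=192.168.1.1
DNS_SERVER=151.99.0.100

setup_uplinks() {
    printf '%s\n' "$UPLINKS" | while read -r id dev addr gw; do
        [ -n "$id" ] || continue
        # Every table needs the DMZ link route, or replies to the DMZ are lost.
        run ip route replace "$DMZ_NET" dev "$DMZ_IF" src "$DMZ_GW" table "$id"
        run ip route replace default via "$gw" dev "$dev" table "$id"
        # Packets sourced from this ISP's address leave via its own uplink.
        run ip rule add from "$addr" table "$id" priority "$id"
    done
}

setup_dns_snat() {
    # Only DMZ hosts talking to the one DNS server are translated; DNS is
    # mostly UDP, so cover both protocols rather than TCP alone.
    for proto in udp tcp; do
        run iptables -t nat -A POSTROUTING -p "$proto" -s "$DMZ_NET" \
            -d "$DNS_SERVER" --dport 53 -j SNAT --to-source 81.77.88.99
    done
}

apply_all() {
    setup_uplinks
    setup_dns_snat
    # Cached routes built before a rule change can outlive it; flush them.
    run ip route flush cache
}
```

Run with `DRY_RUN=1 sh script.sh` after appending a call to `apply_all` to see the generated commands without touching the system.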
