[LARTC] Ip route cache problem

Luca Maragnani luca.maragnani at objectlab.it
Wed Oct 12 14:52:29 CEST 2005


Sorry, surely I didn't explain the problem well.

I don't have DNS services. I need to access the DNS server at 151.99.0.100 
from my servers, which have private IP addresses. I think the only thing 
I need is to SNAT the connection.

Thanks all the same
Luca


Ionut Popovici wrote:

>> Hello,
>> I need some help about a routing problem on a complex configuration.
>
>
>> The problem is that I can't reach services outside from my DMZ.
>
>
>> The scenario is a gateway linked to three Internet connections, so 
>> I used three distinct iproute2 tables for routing. The gw is 
>> running IPVS for balancing over the DMZ's servers.
>
>
>> DMZ servers are on the 192.168.1.0/24 network.
>
>
>> Every table has the route to reach it:
>> 192.168.1.0/24 dev eth0  proto kernel  scope link  src 192.168.1.1
>
>
>> I'm using iptables to NAT a server on my DMZ so that it can reach DNS 
>> services outside:
>> iptables -t nat -A POSTROUTING -p tcp -s 192.168.1.0/24 -d 
>> 151.99.0.100 --dport 53 -j SNAT --to-source 81.77.88.99
>
> Have you tried using DNAT from iptables? DNAT is in PREROUTING, 
> and if you have a DNS service you need to make the outside service 
> connection connect to your DNS server!
>
>> Looking inside the cache I find only the route to reach the DNS 
>> server, but not the one that the DNS needs to reach my server:
>> 151.99.0.100 from 192.168.1.2 via 81.77.88.100 dev eth2  src 192.168.1.249
>>    cache <src-direct>  mtu 1500 advmss 1460 metric 10 64 iif eth0
>>
>> I experienced in the past that re-entering the iptables nat command 
>> worked, but it seems to be a random effect and does not always work.
>>
>> Thanks in advance,
>> Luca Maragnani
>
>


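As an added example (my own script, not Luca's configuration and not code from the thread), here is how I would lay out the gateway described above so that DMZ hosts reach the external resolver with SNAT alone: one iproute2 table per uplink, each carrying the DMZ link route, a POSTROUTING SNAT rule per uplink keyed on the outgoing interface, and a route cache flush at the end. It goes beyond the posted rule in two ways: it matches UDP as well as TCP, since DNS queries are normally UDP, and it picks the source address from the interface the packet actually leaves on rather than one fixed address, which matters as soon as a flow is balanced onto a different provider. The eth0/eth2 addresses, the 81.77.88.100 gateway and the DNS server come from the thread; the eth1 and eth3 uplinks, their addresses and gateways, the table ids 101-103 and the multipath weights are assumptions. With DRY_RUN=1 (the default) the script only prints the commands it would run.

```shell
#!/bin/sh
# Added example, not the configuration posted in the LARTC thread.
# Gateway with three uplinks; DMZ hosts (192.168.1.0/24 on eth0) must reach
# the external DNS server 151.99.0.100 with nothing more than SNAT.
# From the thread: eth0/192.168.1.1, eth2/81.77.88.99 via 81.77.88.100,
# DNS server 151.99.0.100. Assumed (hypothetical): the eth1 and eth3
# uplinks, their addresses and gateways, and the table ids 101-103.
# DRY_RUN=1 (the default) prints the commands instead of executing them.

DMZ_NET=192.168.1.0/24
DMZ_IF=eth0
DMZ_GW_IP=192.168.1.1
DNS_SERVER=151.99.0.100
DRY_RUN=${DRY_RUN:-1}

run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# uplink TABLE DEV LOCAL_IP GATEWAY
# One routing table per provider. Every table carries the DMZ link route,
# otherwise a packet routed through that table has no way back into the DMZ.
# The "from LOCAL_IP" rule makes replies and locally generated traffic that
# carry a provider's address leave through that provider.
uplink() {
    run ip route add "$DMZ_NET" dev "$DMZ_IF" src "$DMZ_GW_IP" table "$1"
    run ip route add default via "$4" dev "$2" src "$3" table "$1"
    run ip rule add from "$3" table "$1"
}

# dns_snat DEV LOCAL_IP
# Rewrite the source of DMZ DNS queries to the address of the uplink they
# actually leave on (-o DEV), so a provider never sees a foreign source.
# DNS is mostly UDP, so match both protocols. Connection tracking undoes
# the translation on the reply, so no DNAT rule is needed for outbound
# lookups; DNAT in PREROUTING is for services the outside must reach inside.
dns_snat() {
    for proto in udp tcp; do
        run iptables -t nat -A POSTROUTING -o "$1" -p "$proto" \
            -s "$DMZ_NET" -d "$DNS_SERVER" --dport 53 \
            -j SNAT --to-source "$2"
    done
}

# Ask the kernel which route a DMZ query would take (192.168.1.2 is a
# sample DMZ host). Only meaningful with DRY_RUN=0 on the gateway itself.
check_dns_path() {
    run ip route get "$DNS_SERVER" from 192.168.1.2 iif "$DMZ_IF"
}

uplink 101 eth1 10.1.1.2 10.1.1.1            # hypothetical provider 1
uplink 102 eth2 81.77.88.99 81.77.88.100     # provider from the thread
uplink 103 eth3 10.3.3.2 10.3.3.1            # hypothetical provider 3

# Main table: spread DMZ-originated flows over the three uplinks
# (equal weights assumed).
run ip route add default scope global \
    nexthop via 10.1.1.1 dev eth1 weight 1 \
    nexthop via 81.77.88.100 dev eth2 weight 1 \
    nexthop via 10.3.3.1 dev eth3 weight 1

dns_snat eth1 10.1.1.2
dns_snat eth2 81.77.88.99
dns_snat eth3 10.3.3.2

# The usual LARTC belt-and-braces step after touching tables and rules:
# flush the route cache so no stale decision survives for a destination
# that was already looked up before the change.
run ip route flush cache
check_dns_path
```

Run it with `DRY_RUN=0` on the gateway (as root) to apply the commands; the final `ip route get ... iif eth0` shows the route the kernel would now pick for a query from the DMZ, and `iptables -t nat -L POSTROUTING -v -n` shows whether the SNAT counters move when a query goes out. If queries still fail on one uplink only, that provider is the first place to look, since the SNAT source for that interface must be an address it accepts.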