[LARTC] Policy base forwarding issues
Pranav Desai
pranavadesai at gmail.com
Wed Aug 22 04:41:58 CEST 2007
Thanks for the reply.
On 8/20/07, Salim S I <salim.si at cipherium.com.tw> wrote:
>
> Why don't you use DNAT ?
>
> The via address is supposed to be the address of nexthop router.
>
I could, but on the receiving side we need the IP of the destination for
testing some issue.
Also, I have had some success with the setup. After setting the rules and
routes with explicit devices i.e.
ip rul add from 10.1.0.166 dev eth0 table 2
it seems to work a lot better. I will test it a bit more.
-- Pranav
-----Original Message-----
> *From:* lartc-bounces at mailman.ds9a.nl [mailto:
> lartc-bounces at mailman.ds9a.nl] *On Behalf Of *Pranav Desai
> *Sent:* Saturday, August 18, 2007 6:53 AM
> *To:* lartc
> *Subject:* [LARTC] Policy base forwarding issues
>
>
>
> Hello All,
>
> I am trying to set up a linux box as a forwarding router based on src IP.
> The problem is that it does forward the pkts to the intended server
> specified in the ip rule, but it also forwards it to the original dst (dst
> specified in the pkt).
>
>
> Here is the setup:
>
> [10.1.0.166]                                                            [192.168.1.225]
>      |                                                                         |
>      |              [A]                              [B]                       |
>      |----[10.1.0.63/172.16.1.63]---------[172.16.1.64/192.168.1.65]-----------|
>      |    linux box only has              linux-router in question             |
>      |    net.ipv4.ip_forward=1                                                |
>      |                                                                         |
> [10.1.0.167]                                                            [192.168.1.100]
>
>
> A - is just a linux box doing forwarding for the 2 networks 10.1.x.x -> 172.16.1.x.
> B - is the linux router which I want to setup as forwarding.
>
> The pkts come from 10.1.0.166 and .167 -> to 192.168.1.100
> I want to set up rules on [B] to forward all pkts with src addr. 10.1.0.166 to
> 192.168.1.225.
> And, all pkts from 10.1.0.167 to 192.168.1.100 should still go to
> 192.168.1.100.
>
> Here are the rules I set up.
>
> [root@forwarder ~]# ip rule sh
> 0: from all lookup local
> 32765: from 10.1.0.166 lookup 225
> 32766: from all lookup main
> 32767: from all lookup default
>
> [root@forwarder ~]# ip ro sh tab 225
> 192.168.1.0/24 via 192.168.1.225 dev eth1
>
> The pkts still go to both .225 and .100. I checked on another machine
> connected to the same switch as 192.168.1.100 and 192.168.1.225 and it's
> not receiving the pkts. So, it doesn't seem like the switch is screwing up
> and broadcasting the packets everywhere.
>
> I would appreciate any kind of help or pointers.
>
> Thanks for your time.
>
> -- pranav
>
> ------------------------------
> http://pd.dnsalias.org
>
--
------------------------------
http://pd.dnsalias.org
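
Added example, not part of the original thread: a small Python model of the lookup that box [B] performs with the `ip rule` list and table 225 route shown above. The contents of the local and main tables and the eth0/eth1 assignment are assumptions built from the addresses in the diagram; it shows that `via` selects only the neighbour the packet is handed to, while the IP destination stays 192.168.1.100.

```python
import ipaddress

# Rules as printed by `ip rule sh` in the post: (priority, source selector, table)
RULES = [
    (0, "0.0.0.0/0", "local"),
    (32765, "10.1.0.166/32", "225"),
    (32766, "0.0.0.0/0", "main"),
    (32767, "0.0.0.0/0", "default"),
]

# Table 225 is from the post. The other tables are constructed for this sketch
# from the addresses in the diagram (assumption: eth0 faces 172.16.1.0/24).
TABLES = {
    "local": [("172.16.1.64/32", None, "lo"), ("192.168.1.65/32", None, "lo")],
    "225": [("192.168.1.0/24", "192.168.1.225", "eth1")],
    "main": [
        ("192.168.1.0/24", None, "eth1"),        # directly connected
        ("172.16.1.0/24", None, "eth0"),         # directly connected
        ("10.1.0.0/16", "172.16.1.63", "eth0"),  # back towards box A
    ],
    "default": [],
}


def lookup(table, dst):
    """Longest-prefix match in one table; returns (via, dev) or None."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, via, dev in TABLES[table]:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, via, dev)
    return None if best is None else best[1:]


def forward(src, dst):
    """Walk rules by priority; the first table with a matching route wins."""
    for _prio, selector, table in sorted(RULES):
        if ipaddress.ip_address(src) not in ipaddress.ip_network(selector):
            continue
        hit = lookup(table, dst)
        if hit is not None:
            via, dev = hit
            # `via` only picks the neighbour the frame is handed to; the
            # IP destination is untouched (DNAT would rewrite it instead).
            return {"table": table, "dev": dev, "l2_next_hop": via or dst, "ip_dst": dst}
    return None
```

`forward("10.1.0.166", "192.168.1.100")` resolves through table 225 with next hop 192.168.1.225, while the same destination from 10.1.0.167 falls through to main and is delivered directly on eth1.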