Comments:
<0> are all the iptables tables stateful except RAW?
<1> raw is not stateful; nat is only for NEW packets; mangle I believe is stateful, and filter is stateful
<2> hey.. does anyone know what's wrong with this? i can't get the source based routing to work :/ hosts talking on 172.16.161.128 still sees the internet thru my default route on eth0
<2> i'm trying to route it my 2nd internet iface.. ath0
<2> ip rule add from 172.16.161.0/24 table vnet pref 102
<2> ip route add 0/0 dev ath0 table vnet
<2> ip route flush cache
<2> that's what i did.. i'm not an expert with iptables, just reading the HOWTO and following what they did, but i can't get it to work
<2> can someone help please?
<3> did you add a default in table vnet? Is that what 0/0 does?
<3> hmmm looks like it should
<2> rob0, hmm.. not sure
<2> rob0, can you suggest any other way to do it? i can remove these rules and do that
<3> what are the 172.16.161.0/24 hosts using as gateway?
<2> 172.16.161.1
<2> that's the interface's ip
<3> oh maybe you need a "via" in that default route.
<2> i am using vmware workstation
<3> ah.
<2> so i use vmnet2 as its interface, and a VM gets an ip
<2> like 172.16.161.128, 129, etc..
<2> my computer itself has 172.16.161.1 as its ip, which the VM uses as a gateway
<2> now i just want the NAT to happen such that it doesn't go thru the default route, but thru my ath0 interface
<2> default route is eth0
<3> Not sure. I think you're close tho.
<2> how to use that via?
<3> via the upstream router on ath0
<2> ip rule add from 172.16.161.0/24 table vnet pref 102 via 192.168.1.254
<2> ?
<2> the 192.168.1.254 is the gateway on ath0
<3> does 192.168.1.254 have a route to 172.16.161.0/24 ? And no, the via is in the route command.
<2> how do i check if there is a route to 172... from 192 ?
<2> 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 ath0
<2> i see that in my route -n
<3> 02:48 < T`> the 192.168.1.254 is the gateway on ath0
<2> yea, if i had ath0 as my default route, then i would say something like "route add default gw 192.168.1.254"
<2> and all my internet access goes thru ath0 then
<2> but i use eth0's gateway now.. not ath0
<2> i only want ath0 for vmnet's interface
<3> 02:49 < rob0> does 192.168.1.254 have a route to 172.16.161.0/24 ? ...
<2> hmm. how do i check that?
<3> How could I know? I don't have control of 192.168.1.254.
<2> hmm.. ath0 is my wireless card.. .254 is the access point
<2> if i understand you right, i don't think the AP knows about 172*.. it only talks to my computer directly thru 192.168.1.1 (my computer's ip)
<2> is that what you are asking?
<3> And when the AP gets packets with a source IP in 172.16.161.0/24, where will it send replies?
<3> If it has no route to 172.16.161.0/24, it sends them out its default gateway, i.e., your ISP.
<2> oh
<2> hmm.. so i prolly need NAT right?
<3> Or just set a route on the AP.
<2> i don't know if i can do it, lemme check on their web interface
<2> rob0, hmm.. i don't think this AP has a way to set routes
<2> is that possible? i looked in all the pages
<2> can i somehow setup nat so it will convert the ip's automatically? that way the router knows how to talk back
<3> I've only ever had a couple of them, a DLink and a Linksys, and both had a way to set routes.
<3> SNAT is not difficult.
<2> this is 2Wire.. got it free with SBC
<3> The /topic tutorial has some NAT sections ... oh UGH, 2wire homeportal, those are awful.
<2> hehe..
<2> i guess that explains why
<3> I do have experience with one of those and SBC in fact.
<3> I found that it reset all inbound TCP connections every 60 seconds!
<2> ip route add 0/0 dev ath0 via 192.168.1.254 table vmnet
<2> ip rule add from 172.16.161.0/24 table vmnet pref 102
<3> I made sure the customer was billed FAR MORE for my time than it would have cost to buy a decent router.
<2> does that look good?
<4> rob0: HAHA - nice...
<2> hehehe
<2> i could get my univ's free wifi, but it's too slow from my home
<2> weak signal
<2> and SBC is cheapest option here
<4> T`: build a special antenna :-)
<2> though i now have an ethernet shared with a friend on comcast :) so i don't bother much with the wifi anymore
<2> robw810, yea, but i think i still would need LOS which i don't have
<2> lots of trees and buildings
<4> fair enough, I guess...
<2> hmm.. rob0 and robw related ;) ?
<4> haha
<4> no, but...
<3> Yes we're both in cold frozen Alabama.
<4> Well, we are both in Alabama, so...
<2> hahah
<3> 2 whole days with frozen precip. on the ground here!!
<2> i hate snow
<3> That's why I moved to AL. :)
<4> rob0: we haven't had any of that down this far, but it's been *cold*
<3> I have to go out tomorrow.
<2> weird, AL is pretty south.. i would have expected some texan weather
<2> or like florida
<4> Alabama - one of the few places that it's understandable to use both the air conditioner and heater on the same day
<2> lol
<2> rob0, can you tell me if that route part is correct?
<2> rob0, i'm setting up NAT, but want to make sure my ip route commands are correct
<3> looks right to me.
<2> and pref is after local right?
<2> i was wondering, this doc says NAT should be in local, so will this vnet table still apply? because by then the source ip is already changed to something else by NAT..
<2> oh wait.. err
<2> i got confused nm.. dest. ip stays same
<3> SNAT is in POSTROUTING (we're getting into iptables / netfilter territory now.)
<2> hmm.. SNAT is same as NAT ?
<4> Source NAT versus Destination NAT
<2> yea, but i seen iptables accept -t nat, etc..
<2> i guess it includes both SNAT and DNAT
<4> That's for the nat table; it defaults to the filter table if you don't specify one
<4> There's filter, nat, and mangle tables
<3> (And raw, a new one.)
<4> oh yeah
<4> good for tarpitting :-)
<2> iptables -t nat -A POSTROUTING --dst 176.16.161.0/24 -j SNAT --to-source 192.168.1.1
<2> how does that look guys?
<4> s/"--dst"/"-d"
<2> oh
<2> actually that's not right i think.. it's gonna be -s right?
<1> aren't they the same thing?
<4> Oh yeah, you want -s there
<2> i want packets from 176.16.161.0/24 network to be able to talk to 192.168.1.254
<2> and 192.168.1.254 doesn't know who 176.* is.. only knows 192.168.1.1
<4> danieldg: I don't know -> --dst *may* work, but I've only used --destination or -d
<2> iptables -t nat -A POSTROUTING -s 176.16.161.0/24 -j SNAT --to-source 192.168.1.1
<2> this looks better?
<1> robw810: well, I've used --dst for a while, and it works fine for me
<2> robw810, well it does show --dst in the NAT doc in /topic
<4> danieldg: okay, mea culpa :-)
<2> hmm weird.. do i have to have both -d and -s ?
<2> because that rule will probably overwrite everything even if some packet has source and dest in 176.* range
<2> like talking within the network..
<4> Specify outgoing interface
<3> -s 176.16.161.0/24 -o ath0 -j SNAT ...
<0> danieldg thanks
<2> cool.. did it :)
<1> yw
<2> now have to think how to do reverse NAT.. because i have to somehow change the packet's destination when received from the AP i guess
<3> 4 legs good, 2wire bad.
<3> (from Orwell's _Animal_Farm_)
<2> rob0, heh.. well, at least this method is universal so i don't need to tweak any router ;)
<3> SNAT does it all for you.
<2> even reverse NAT or whatever it might be called ?!
<2> ok now to test it :)
<3> Your system tracks connections and hooks up the replies with the requestors.
<2> oh.. very cool
<2> rob0, i'm testing this setup.. i gave a VM an ip, 172.16.161.10 and its gateway is 172.16.161.1
<2> i can't ping any 192.* though
<2> i see ethereal trying to send ping requests to destination 192.168.1.254 with source as 172.16.161.10
<2> i'm watching with ethereal on vmnet2 interface
<2> i see no replies from 172.16.161.10 though
<2> err i mean 192.168.1.254
<2> btw, i do see the same ping request on ath0 interface! so routing works i guess
<2> however, the source is appearing as 172.16.161.10
<2> so NAT seems to be broken
<2> it should have appeared as 192.168.1.1 .. hmm