Re: iproute2, portfw oddities (2.2.19 ppp)

Matthew G. Marsh (mgm@paktronix.com)
Thu, 6 Sep 2001 10:01:40 -0500 (CDT)


On Fri, 31 Aug 2001, Valentijn Sessink wrote:

> Hello list,
>
> I have a machine (Pentium, 2.2.19, Debian 2.2) with an internal network
> (192.168.0.x) and 4 external ppp connections (actually: pptp connections
> to the ISP).
>
> The ppp's all could have a "default route" to the Internet, only the ISP
> filters source addresses, so you cannot possibly send a ppp0 IP-address
> through ppp1 or vice versa.
>
> Now policy routing seemed the correct solution for this and I tried this
> for ppp1:
>
> # ip ru list
> 0: from all lookup local
> 1001: from 194.10.21.181 lookup ppp1
> 32766: from all lookup main
> 32767: from all lookup default
> # ip route list table ppp1
> default dev ppp1 scope link
>
> This works, as I can ping the ppp1 address from the outside. (which
> could not be done before).
>
> Unfortunately, when I try to put a portfw rule on top of this, things go
> wrong:
>
> # ipmasqadm portfw -a -P tcp -L 194.10.21.181 80 -R 192.168.0.133 80
>
> Strangely, this results in packets from 192.168.0.133 being renamed
> 194.10.21.181 *but being directed via ppp0*: tcpdump ppp0 sees packets
> coming from IP address 194.10.21.181.
>
> Unfortunately, the ISP does not like this and drops those. However,
> after issueing
>
> ip rule add from 192.168.0.133 table ppp1

Yes.

> ... the thing works.
>
> This seems a bit odd. Could anyone comment on this? Please cc: my
> E-mail-address, as I'm not subscribed to linux-kernel (and yes, the
> "nospam" stuff works, I read it, it just seems to scare spambots :)

Nothing odd about it. When a packet comes in the box the RPDB (rules,
routes, addresses) is consulted _before_ the ipchains MASQ. So your packet
was sent out ppp0 which I suspect is the default route for the box in
table main.

> Best regards,
>
> Valentijn
> --
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
>

--------------------------------------------------
Matthew G. Marsh, President
Paktronix Systems LLC
1506 North 59th Street
Omaha NE 68104
Phone: (402) 932-7250 x101
Email: mgm@paktronix.com
WWW: http://www.paktronix.com
--------------------------------------------------

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/