[Wylug-help] IP alias/forward

Gary Stainburn gary.stainburn at ringways.co.uk
Tue, 25 Feb 2003 14:19:37 +0000


On Tuesday 25 Feb 2003 12:31 pm, James Holden wrote:
> Gary,
>
> You don't need (want) iptables to do this. You just need to enable IP
> forwarding, like so:
>
> [root@yourbox root] # echo "1" > /proc/sys/net/ipv4/ip_forward
>
> You'll need to point the clients on the 10.x.x.x subnet towards the IP
> address of your box (10.1.0.34) so they use it as their (default) gateway.
>
> Given that you've got the routing tables all set up anyway, ie: your box
> knows how to get to each subnet, enabling packet forwarding is all you
> need to do.
>
> The command you have below is to rewrite the packets so that packets
> received with a destination of 10.1.0.34 get rewritten to have a
> destination address of 192.168.1.2, which isn't what you want. You just
> need the packets passing, not rewriting. This technique is similar to the
> technique I use to enable me to have my webserver behind my NAT box. If
> you go to www.microcosmos.co.uk, the IP address you'll hit is 80.7.77.70,
> but they end up at 192.168.1.250.
>
> James

Hi Nick,

Thanks for that Nick.  I was making the problem much worse than it needed to
be.

I had forwarding turned on and it was working fine for the other destinations.
The problem was that one of the remote IP addresses is within the subnet I
use for Leeds, i.e. Leeds is 10.1.0.0/255.255.0.0 and the IP address that is
the other side of the router is 10.1.0.34.

My interpretation of the IP stack and routing was that the source ip/subnet
and the destination ip/subnet were compared and the routing tables only used
if they didn't match - hence my attempts to alias and then forward.

However, as both Linux and Win9x boxes still use the route tables if the
subnets match, a simple route rule did the trick.

Gary




>
> Gary Stainburn said:
> > Hi folks,
> >
> > I have to route traffic to another network for an IP address that is
> > within one of my subnets.
> >
> > I've created an interface eth0:0 with the address 10.1.0.34 and then
> > tried to redirect the packets to the router using the following rule but
> > it didn't work:
> >
> > eth0:0 10.1.0.34
> > eth1 192.168.1.1
> > Cisco router 192.168.1.2
> >
> > iptables -A  PREROUTING -d 10.1.0.34 -j DNAT --to-destination
> > 192.168.1.2
> >
> > Unfortunately, this simply redirects the HTTP requests for that addr to
> > the cisco's http server because this rule simply changed the destination
> > IP address to the cisco, then forwarded it.
> >
> > What I need to know, is what rule do I need to add to simply forward the
> > IP packets without actually mangling them.
> >
> > anyone got any ideas?
> > --
> > Gary Stainburn
> >
> > This email does not contain private or confidential material as it may
> > be snooped on by interested government parties for unknown
> > and undisclosed purposes - Regulation of Investigatory Powers Act, 2000

--
Gary Stainburn

This email does not contain private or confidential material as it
may be snooped on by interested government parties for unknown
and undisclosed purposes - Regulation of Investigatory Powers Act, 2000
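
The route lookup discussed in this thread, as an added example that is not part of the original messages: the most specific prefix wins, so a host route overrides the connected 10.1.0.0/16 entry, while DNAT changes the packet's destination before routing. The /32 route via 192.168.1.2 and the function names are assumptions; the post only says "a simple route rule".

```python
import ipaddress

# Constructed routing table for the Linux box described in the thread.
# The /32 host route is an assumption: the post does not quote the rule used.
ROUTES = [
    ("10.1.0.0/16", "eth0", None),            # connected Leeds subnet
    ("192.168.1.0/24", "eth1", None),         # link to the Cisco router
    ("10.1.0.34/32", "eth1", "192.168.1.2"),  # assumed host route via the Cisco
]

def lookup(dst, routes=ROUTES):
    """Return (prefix, device, gateway) of the most specific matching route."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, dev, via in routes:
        net = ipaddress.ip_network(prefix)
        # Longest-prefix match: a /32 beats a /16 even though both contain addr.
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev, via)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return str(best[0]), best[1], best[2]

def forward(dst, routes=ROUTES):
    """Plain forwarding: choose the next hop, leave the IP destination alone."""
    _, dev, via = lookup(dst, routes)
    # With no gateway the destination is on-link and is its own next hop.
    return {"ip_dst": dst, "out_dev": dev, "l2_next_hop": via or dst}

def dnat_then_forward(dst, match, to, routes=ROUTES):
    """DNAT in PREROUTING: rewrite the destination, then route the new address."""
    new_dst = to if dst == match else dst
    return forward(new_dst, routes)

if __name__ == "__main__":
    for d in ("10.1.0.34", "10.1.0.35"):
        print(d, "->", forward(d))
    print("without host route:", forward("10.1.0.34", ROUTES[:2]))
    print("DNAT:", dnat_then_forward("10.1.0.34", "10.1.0.34", "192.168.1.2"))
```

With DNAT the packet leaves addressed to the Cisco itself, which matches the behaviour reported in the original question; with the host route the destination stays 10.1.0.34 and only the next hop changes.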