[Gllug] [tempgllug] More routing
Juergen Schinker
ba1020 at homie.homelinux.net
Tue May 15 07:38:39 UTC 2007
On Sun, 2007-05-13 at 18:24 +0100, Tethys wrote:
> Anthony Newman writes:
>
> >Why do you want to do this, out of curiosity?
>
> I have a box at work, with 3 interfaces:
>
> eth0: fast net connection, supplied by the managed offices we're in
> eth1: backup adsl connection, owned by us, with a static IP
> eth2: other office machines hang off here
>
> The requirement is to be able to ssh into that machine from the
> outside world (and potentially more, but ssh is a good starting
> point). We can't come in from the fast connection, as they NAT
> our traffic (along with all the other tenants in the building),
> so the machine is not directly IP addressable from the outside
> world. Getting them to allow incoming traffic is not an option.
>
> So we need to come in over the ADSL line. But that's no use if
> a SYN packet comes in and the SYN/ACK goes back out of the other
> interface, and hence is NATed to a different source IP. Hence the
> need to send the reply back out over the same interface.
>
# Mark locally generated TCP packets from sshd (source port 22) whose source
# address is not on the internal 10.10.0.0/16 network with fwmark 9.
$IPTABLES -t mangle -A OUTPUT -s ! 10.10.0.0/16 -p tcp -m multiport --sport 22 -j MARK --set-mark 9
# Rewrite the source address of packets leaving eth0 to that interface's IP.
$IPTABLES -A POSTROUTING -t nat -o eth0 -j SNAT --to <IP of interface>
# Separate routing table 10 whose only route is a default via the gateway
# reachable on the chosen interface.
ip route flush table 10
ip route add default via 172.14.1.100 dev <interface> table 10
# Packets carrying fwmark 9 consult table 10 instead of the main table.
ip rule add fwmark 9 table 10
ip route flush cache
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
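The same reply-routing idea as a complete, parameterised script. This is an added example, not code from the thread; it generalises the fwmark approach above by tracking connections with CONNMARK so that every reply to a connection that arrived on the ADSL interface leaves by that interface, whatever the service port, rather than only sshd's port 22. Interface names, the 203.0.113.x addresses, the provider gateway and the table/mark numbers are constructed placeholders; the 10.10.0.0/16 network is taken from the post. With DRY_RUN=1 (the default) it prints the commands instead of executing them, so it can be reviewed before being run as root.

```shell
#!/bin/sh
# Added example (not from the original post): policy routing so that replies
# to connections arriving on the ADSL interface leave via that interface.
# All names, addresses and numbers below are constructed placeholders.
set -eu

ADSL_IF="${ADSL_IF:-eth1}"            # backup ADSL line (assumed name)
ADSL_IP="${ADSL_IP:-203.0.113.10}"     # static IP on the ADSL line (placeholder)
ADSL_GW="${ADSL_GW:-203.0.113.1}"      # ADSL provider gateway (placeholder)
LAN_NET="${LAN_NET:-10.10.0.0/16}"     # internal office network, as in the post
TABLE="${TABLE:-10}"                   # routing table used for ADSL replies
MARK="${MARK:-9}"                      # fwmark selecting that table
DRY_RUN="${DRY_RUN:-1}"                # 1 = print commands, 0 = execute them

# Refuse bad table/mark values before touching the kernel: tables 0 and
# 253-255 are reserved (unspec, default, main, local); a mark of 0 is "unmarked".
validate_config() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac    # table must be numeric
    [ "$1" -ge 1 ] && [ "$1" -le 252 ] || return 1
    case "$2" in ''|*[!0-9]*) return 1 ;; esac    # mark must be numeric
    [ "$2" -ge 1 ] || return 1
}

# Print or execute one command, depending on DRY_RUN.
run() {
    if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Emit the full rule set in the order it must be applied.
emit_rules() {
    # 1. Mark new connections that arrive on the ADSL interface and copy the
    #    packet mark onto the connection so later packets inherit it.
    run iptables -t mangle -A PREROUTING -i "$ADSL_IF" -m conntrack --ctstate NEW \
        -j MARK --set-mark "$MARK"
    run iptables -t mangle -A PREROUTING -i "$ADSL_IF" -j CONNMARK --save-mark
    # 2. Restore the connection mark onto locally generated replies; the kernel
    #    re-runs the routing decision after mangle OUTPUT when the mark changes.
    run iptables -t mangle -A OUTPUT -m connmark --mark "$MARK" -j CONNMARK --restore-mark
    # 3. Office machines forwarded out over the ADSL line use its static IP.
    run iptables -t nat -A POSTROUTING -s "$LAN_NET" -o "$ADSL_IF" -j SNAT --to-source "$ADSL_IP"
    # 4. Dedicated routing table whose only route is a default via the ADSL gateway.
    run ip route flush table "$TABLE"
    run ip route add default via "$ADSL_GW" dev "$ADSL_IF" table "$TABLE"
    # 5. Policy rule: marked packets consult that table instead of main.
    run ip rule add fwmark "$MARK" table "$TABLE"
    run ip route flush cache
}

main() {
    validate_config "$TABLE" "$MARK" || { echo "bad TABLE/MARK" >&2; return 1; }
    emit_rules
}

# Only act when invoked as a script, not when sourced for inspection.
case "${0##*/}" in reply_routing.sh) main ;; esac
```

Before switching DRY_RUN to 0, check with `ip rule show` and `ip route show table 10` that the table and rule do not already exist, since the `-A` and `ip rule add` commands are not idempotent and would duplicate entries on a second run.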