?
Solved

iptables SNAT to another eth ?

Posted on 2007-03-24
3
Medium Priority
?
695 Views
Last Modified: 2013-12-23
Using SUSE ...

From the router .. I can do ping -I eth3 google.com .. and it works .. and I did this in iptables

iptables -t nat -A POSTROUTING -s 10.2.0.240 -o eth3 -j SNAT --to-source 192.168.2.64

so .. the ip 10.2.0.240 should get routed through eth3 ! . but it doesn't !

x.x.x.x/30 dev eth1  proto kernel  scope link  src x.x.x.x
192.168.2.0/24 dev eth3  proto kernel  scope link  src 192.168.2.64
10.3.0.0/24 dev eth0  proto kernel  scope link  src 10.3.0.254
10.1.0.0/24 dev eth0  proto kernel  scope link  src 10.1.0.254
10.2.0.0/22 via 10.1.0.2 dev eth0
10.0.0.0/22 via 10.1.0.2 dev eth0
169.254.0.0/16 dev eth0  scope link
127.0.0.0/8 dev lo  scope link
default via x.x.x.x dev eth1

:~> ip ro li table T3
192.168.2.0/24 dev eth3  scope link  src 192.168.2.64
default via 192.168.2.254 dev eth3

:~> ip ru li
dexter@GODZILLA:~> ip ru li
0:      from all lookup local
32765:  from 192.168.2.64 lookup T3
32766:  from all lookup main
32767:  from all lookup default

everything else works just fine .. but I want some ips to get through eth3 instead of eth1 !
0
Comment
Question by:patriciaeldridge
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 27

Expert Comment

by:Nopius
ID: 18857542
> so .. the ip 10.2.0.240 should get routed through eth3 ! . but it doesn't !
You almost answered your question -A POSTROUTING means that this rule applies _after_ routing decision.  So that  '-o eth3' never matches your packet (remember that it matches a packet and doesn't route to eth3).
0
 

Author Comment

by:patriciaeldridge
ID: 18857568
well .. how should it look then ? :D .. I still didn't get it right ! :)
0
 
LVL 27

Accepted Solution

by:
Nopius earned 500 total points
ID: 18861710
Let's decide what we need. Possible cases:
1) If you need just route all traffic from single host 10.2.0.240 to all destinations via eth3
2) If you need to route all traffic from entire 10.2.0.0 network to all destiations via eth3
3) If you need to route traffic from either 1 host or entire network as in 1) 2) AND muasquerade it as going from 192.168.2.64 address.
4) You need to route or route+masquerade as in 1) 2) 3) but not to all destinations

If I'm guessing right,  you need a case 3) with a single IP.

Then you need to modify both iptables and routing tables.
1) Delete your old rule
iptables -t nat -D POSTROUTING -s 10.2.0.240 -o eth3 -j SNAT --to-source 192.168.2.64
2) Create a new one:
iptables -t nat -A POSTROUTING -s 10.2.0.240 -o eth3 -j MASQUERADE
3) Now delete old routing rule.
ip rule del prio 32765
4) Add a new rule:
ip rule add from 10.2.0.240 table T3

0

Featured Post

Give Your Engineering Team a Productivity Boost

Learn why container technology is so powerful and how it can provide your team with productivity gains and other benefits.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For many of us, the  holiday season kindles the natural urge to give back to our friends, family members and communities. While it's easy for friends to notice the impact of such deeds, understanding the contributions of businesses and enterprises i…
This article is in regards to the Cisco QSFP-4SFP10G-CU1M cables, which are designed to uplink/downlink 40GB ports to 10GB SFP ports. I recently experienced this and found very little configuration documentation on how these are supposed to be confi…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question