IP Networking forum, Post 302267166 by docawk on Thursday 11th of December 2008 06:01:36 PM
redirect routing on non-default interface

Hello list members

I have a Linux machine running as firewall/router, connecting the LAN to the internet with two interfaces (no load balancing or other connections). One is a fast connection with a dynamic IP (ADSL), which is the default route; the other is a static IP (T3) connection (used for the mail server and other services available from the WWW).
Additionally, I want to give workers outside the office access to our intranet (located in the LAN), using a port on the static firewall IP, which will be redirected (DNAT) by an iptables PREROUTING rule and allowed to be forwarded to the LAN intranet server port.
The scenario is working when the T3 connection is the default gateway in the main routing table. It is not working when I switch the default gateway to the ADSL connection.
The incoming packets are visible with tcpdump, and the DNAT redirect in the PREROUTING table is working (logged to syslog by iptables). What is missing are the packets on the interface to the LAN, and the forwarding log entry from iptables is also missing. So I think this is a routing problem.

I hope someone can help, or can give me clues on what to check.

Thank you,

Oliver

Here is some information on the network topology and snippets from the routing/firewall script:

Code:
                                  /-------------------\
                                  |       DMZ         |
                                  |  static IP        |
                                  \-------------------/
                                         |
                                       2 |
                                  /--------------------------------\
                    StaticIP      | Static IP                      |
                  /----------\  1 |                                | 0  /-----------------\
                  |    T3    | -- |       Firewall/Router          | -- |   LAN           |
                / \----------/    |                                |    |                 |
               /                  |                                |    \-----------------/
/-------\     /                   \--------------------------------/ 
|  WWW  | ---<                           |                           
\-------/     \                        3 |                           
               \                         |                           
                \ /----------\           |         
                  |   ADSL   | ---------/                 
                  \----------/                    
                    DynamicIP                              
                                                                     
                                                                     


# Main routing table: the connected networks (LAN, ADSL, DMZ), a host route to the
# T3 gateway, and the default route via ADSL.
function SetIPROUTEmain () {

    ExitStatus=0
    echo -en " - Setting Routing table main " >>$MessageDev
    $IP route add $LAN_IP_RANGE dev $LAN_IFACE src $LAN_IP
    ExitStatus=$(($ExitStatus+$?))
    $IP route add $ADSL_IP_RANGE dev $ADSL_IFACE src $ADSL_IP
    ExitStatus=$(($ExitStatus+$?))
    $IP route add $DMZ_IP_RANGE dev $DMZ_IFACE src $DMZ_IP
    ExitStatus=$(($ExitStatus+$?))
    $IP route add $T3_GATEWAY dev $T3_IFACE src $T3_IP
    ExitStatus=$(($ExitStatus+$?))

    # Default gateway of the main table: ADSL
    $IP route add default via $ADSL_GATEWAY dev $ADSL_IFACE
    ExitStatus=$(($ExitStatus+$?))

    $IP route flush cache
    ExitStatus=$(($ExitStatus+$?))
    PRINT_EXIT_STATUS $ExitStatus
    echo >>$MessageDev
}

# Table ADSL: same connected routes plus loopback, default via ADSL.
# Selected by the rule below for packets whose source is the ADSL address.
function SetIPROUTEadsl () {

    ExitStatus=0
    echo -en " - Setting Routing table ADSL " >>$MessageDev

    $IP route add $ADSL_IP_RANGE dev $ADSL_IFACE src $ADSL_IP table ADSL
    ExitStatus=$(($ExitStatus+$?))
    $IP route add $T3_GATEWAY dev $T3_IFACE src $T3_IP table ADSL
    ExitStatus=$(($ExitStatus+$?))
    $IP route add $DMZ_IP_RANGE dev $DMZ_IFACE src $DMZ_IP table ADSL
    ExitStatus=$(($ExitStatus+$?))
    $IP route add $LAN_IP_RANGE dev $LAN_IFACE src $LAN_IP table ADSL
    ExitStatus=$(($ExitStatus+$?))
    $IP route add $LO_IP_RANGE dev $LO_IFACE src $LO_IP table ADSL
    ExitStatus=$(($ExitStatus+$?))
    $IP route add default via $ADSL_GATEWAY dev $ADSL_IFACE table ADSL
    ExitStatus=$(($ExitStatus+$?))

    # Policy rule: traffic sourced from the ADSL address uses table ADSL
    $IP rule add from $ADSL_IP table ADSL
    ExitStatus=$(($ExitStatus+$?))

    $IP route flush cache
    ExitStatus=$(($ExitStatus+$?))
    PRINT_EXIT_STATUS $ExitStatus
    echo >>$MessageDev

}

# Table T3: same connected routes plus loopback, default via T3.
# Selected by the rules below for packets sourced from the T3 address or the DMZ range.
function SetIPROUTEt3 () {

    ExitStatus=0
    echo -en " - Setting Routing table T3 " >>$MessageDev

    $IP route add $ADSL_IP_RANGE dev $ADSL_IFACE src $ADSL_IP table T3
    ExitStatus=$(($ExitStatus+$?))
    $IP route add $T3_GATEWAY dev $T3_IFACE src $T3_IP table T3
    ExitStatus=$(($ExitStatus+$?))
    $IP route add $DMZ_IP_RANGE dev $DMZ_IFACE src $DMZ_IP table T3
    ExitStatus=$(($ExitStatus+$?))
    $IP route add $LAN_IP_RANGE dev $LAN_IFACE src $LAN_IP table T3
    ExitStatus=$(($ExitStatus+$?))
    $IP route add $LO_IP_RANGE dev $LO_IFACE src $LO_IP table T3
    ExitStatus=$(($ExitStatus+$?))
    $IP route add default via $T3_GATEWAY dev $T3_IFACE table T3
    ExitStatus=$(($ExitStatus+$?))

    # Policy rules: traffic sourced from the T3 address or the DMZ uses table T3
    $IP rule add from $T3_IP table T3
    ExitStatus=$(($ExitStatus+$?))
    $IP rule add from $DMZ_IP_RANGE table T3
    ExitStatus=$(($ExitStatus+$?))

    $IP route flush cache
    ExitStatus=$(($ExitStatus+$?))
    PRINT_EXIT_STATUS $ExitStatus
    echo >>$MessageDev

}

# DNAT TCP/20080 arriving on the T3 interface for $DMZ2_IP to port 81 of the intranet
# server in the LAN, and allow those packets through the FORWARD chain.
function IPT_Intranet () {

    #-------------------------------------------------------------------------------
    # Pierce Port 20080 to Intranet WWW
    if [ "$Enable_INTRANET" = "y" ] ; then

        ExitStatus=0
        echo -ne " - Establish INTRANET rules " >>$MessageDev

        # Log, then DNAT, in the nat PREROUTING chain (before the routing decision)
        $IPTABLES -t nat -A PREROUTING -p TCP -i $T3_IFACE --dport 20080 -j LOG --log-prefix "DNAT 20080:"
        ExitStatus=$(($ExitStatus+$?))
        $IPTABLES -t nat -A PREROUTING -p TCP -i $T3_IFACE -d $DMZ2_IP --dport 20080 -j DNAT --to-destination $WWW_SERVER_IP:81
        ExitStatus=$(($ExitStatus+$?))

        # Log and accept the forwarded (already DNATed) packets T3 -> LAN
        $IPTABLES -A FORWARD -p TCP  -d $WWW_SERVER_IP -j LOG --log-level DEBUG --log-prefix "IPT FORWARD INTRANET:"
        ExitStatus=$(($ExitStatus+$?))
        $IPTABLES -A FORWARD -p TCP -i $T3_IFACE -d $WWW_SERVER_IP -o $LAN_IFACE --dport 81 -j ACCEPT
        ExitStatus=$(($ExitStatus+$?))

        PRINT_EXIT_STATUS $ExitStatus
        echo >>$MessageDev

    fi

}
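The thread on this page carries no reply, so the following is an added example and not the poster's script or a confirmed diagnosis of his box. It shows the two policy-routing pieces a DNAT on a non-default interface needs on a Linux router and which the script above does not have. The signature described in the post (packet seen by tcpdump and logged in nat PREROUTING, never seen in FORWARD, only when the main default route points elsewhere) is what the kernel's reverse-path filter produces: before forwarding, it looks up a route back to the packet's source, and with the main table defaulting to ADSL that lookup resolves to the ADSL interface, not the T3 interface the packet came in on, so the packet is dropped as a martian. Turning `rp_filter` off on the T3 interface would make the symptom go away but removes an anti-spoofing check; the right fix keeps it on and gives the reverse lookup the right table with an `iif` rule, since the lookup carries the input interface. The second piece is for the replies: the LAN server answers from its private address, and the routing decision for that reply is made before the reverse DNAT in POSTROUTING, so without a mark it follows the main default via ADSL and leaves the wrong link with the T3 source address. Assumptions in the example: the variable names of the script above, `eth1` for T3 and `eth0` for the LAN, the fwmark value `0x3`, and the `ip`/`iptables`/`sysctl` tools; `DRY_RUN=1` (the default) prints each command instead of executing it so the script can be read and tested without root, and the addresses in the diagnostic call are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed: interface names, the
# fwmark 0x3, and the table name T3 (the poster's table). DRY_RUN=1 prints the
# commands instead of executing them, so no root is needed to read the output.
IP="${IP:-ip}"
IPTABLES="${IPTABLES:-iptables}"
SYSCTL="${SYSCTL:-sysctl}"
T3_IFACE="${T3_IFACE:-eth1}"
LAN_IFACE="${LAN_IFACE:-eth0}"
T3_MARK="${T3_MARK:-0x3}"
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Ingress on T3: the reverse-path check looks up a route back to the source
# with the input interface set, so an 'iif' rule steers that lookup into
# table T3, whose default points out T3. The packet then passes rp_filter
# even though the main table defaults to ADSL. The fwmark rule serves the
# reply path set up in t3_connmark_rules. Both rules get a preference above
# the main table, which is what 'ip rule add' does when none is given.
t3_ingress_rules() {
    run $IP rule add iif "$T3_IFACE" table T3
    run $IP rule add fwmark "$T3_MARK" table T3
}

# Reply path: mark every new connection that enters on T3 and copy the mark
# back onto the packets of that connection when they come from the LAN, so
# the reply's routing decision (made before the reverse DNAT in POSTROUTING)
# matches the fwmark rule and uses table T3 instead of main.
t3_connmark_rules() {
    run $IPTABLES -t mangle -A PREROUTING -i "$T3_IFACE" -m state --state NEW \
        -j CONNMARK --set-mark "$T3_MARK"
    run $IPTABLES -t mangle -A PREROUTING -i "$LAN_IFACE" -m state --state ESTABLISHED,RELATED \
        -j CONNMARK --restore-mark
}

# Diagnostic: ask the kernel how it would forward a packet from SRC arriving
# on T3 for the DNAT target DST. 'ip route get ... from ... iif' performs the
# same input lookup as forwarding, including the source check, and fails with
# an error when the source does not pass it. The two sysctls tell whether
# strict reverse-path filtering is on and whether drops are logged.
t3_rpf_check() {
    src="$1"      # an Internet address, e.g. 203.0.113.10 (constructed)
    dst="$2"      # the intranet server in the LAN
    run $IP route get "$dst" from "$src" iif "$T3_IFACE"
    run $SYSCTL net.ipv4.conf."$T3_IFACE".rp_filter
    run $SYSCTL net.ipv4.conf."$T3_IFACE".log_martians
}

# Apply the rules and read the policy database back to confirm the order.
t3_setup() {
    t3_ingress_rules
    t3_connmark_rules
    run $IP rule show
}

t3_setup
```

Run it once with the default `DRY_RUN=1` to review the commands, then with `DRY_RUN=0` as root after the poster's `SetIPROUTEt3` has created table T3; `t3_rpf_check 203.0.113.10 <WWW_SERVER_IP>` before and after shows the route lookup failing and then succeeding while `rp_filter` stays at 1, and with `log_martians` set to 1 the dropped case also appears in syslog as a martian source.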

 

Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.