All of lore.kernel.org
 help / color / mirror / Atom feed
From: Cedric Blancher <blancher@cartel-securite.fr>
To: Chris Wilson <chris@netservers.co.uk>
Cc: Coutts@elendil.intranet.cartel-securite.net,
	"Ashe (Testing Account)" <ATest@sbsdk12.org>,
	netfilter@lists.netfilter.org
Subject: Re: Not quite understanding DNAT
Date: 25 Jul 2003 12:10:52 +0200	[thread overview]
Message-ID: <1059127851.1020.45.camel@elendil.intranet.cartel-securite.net> (raw)
In-Reply-To: <Pine.LNX.4.44.0307251045220.1760-100000@localhost>

Le ven 25/07/2003 à 11:47, Chris Wilson a écrit :
> You could try:
> 	route add <internal-server-10.0.0.x> dev eth0 \
> 		gw <address-of-eth0:x>
> Using an address of your own box as the gateway of a route will cause
> locally-generated traffic going down that route to come from that address,
> instead of the default address on the device. This should mean that the
> masquerading uses that address too, but I haven't tested it.

I've just tested this, it does not work as I was expecting.

Therefore, you can use iproute2 to achieve this kind of behaviour. You
can specify to use an arbitrary local IP as source for a given route.
Ashe, you should try this :

	ip route add $INSERV dev eth0 src $SRCIP

I use this quite often on net2net VPN using FreeS/WAN to force gateways
to use their private IP when communicating through the tunnel.

-- 
http://www.netexit.com/~sid/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE


  reply	other threads:[~2003-07-25 10:10 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2003-07-24  7:00 DNAT question Rio Martin.
2003-07-24  8:29 ` Philip Craig
2003-07-24  8:56   ` Rio Martin.
2003-07-24  9:42     ` Chris Wilson
2003-07-24 13:37       ` Gonzalez, Federico
2003-07-24 14:16         ` Cedric Blancher
2003-07-24 16:22     ` Not quite understanding DNAT Coutts, Ashe (Testing Account)
2003-07-24 16:43       ` Aldo S. Lagana
2003-07-25  0:14       ` Philip Craig
2003-07-25  9:47       ` Chris Wilson
2003-07-25 10:10         ` Cedric Blancher [this message]
2003-07-24 17:14 Daniel Chemko
2003-07-24 17:47 ` Ramin Dousti
2003-07-24 22:06 George Vieira

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1059127851.1020.45.camel@elendil.intranet.cartel-securite.net \
    --to=blancher@cartel-securite.fr \
    --cc=ATest@sbsdk12.org \
    --cc=Coutts@elendil.intranet.cartel-securite.net \
    --cc=chris@netservers.co.uk \
    --cc=netfilter@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.