* MASQUERADE rule does not work with routing table and bridge
       [not found] <396104199.23817.1393979999577.JavaMail.root@ixer.mx>
@ 2014-03-05  0:47 ` Enrique Huerta de la Fuente
  0 siblings, 0 replies; only message in thread
From: Enrique Huerta de la Fuente @ 2014-03-05  0:47 UTC (permalink / raw)
  To: netfilter

Hi,

I have two routing tables: telmex (br3) and bbs (br2); both have their own gateway and I set up the routing rules. I can connect to ip2 and ip3 from the internet. And the default gateway in the main routing table is ip2.
From the Linux router I can go out to the internet through the gateway ip2, but when I mark certain traffic to go out through br3 and masquerade it, it is not masqueraded!!

I know that the traffic goes out through eth2 (br3) because I log it with ebtables (ebtables -I OUTPUT), but the source IP is ip2.

I disabled CONNTRACK for traffic going out through br3, but nothing changed. When I change the default gateway in the main routing table to ip3, it works fine.

The problem is that the MASQUERADE rule does not work with routing table and bridge.

Any idea?


                                                                 ________
                                          +------------+        /
                                          |            |       |
                            +-------------+ Provider 1 +-------
        __                  |ip2          |            |     /
    ___/  \_         +------+-------+     +------------+    |
  _/        \__      |     br2      |                      /
 /             \     |              |                      |
| Local network -----+ Linux router |                      |     Internet
 \_           __/    |              |                      |
   \__     __/       |     br3      |                      \
      \___/          +------+-------+     +------------+    |
                            |ip3          |            |     \
                            +-------------+ Provider 2 +-------
                                          |            |       |
                                          +------------+        \________



# ip route ls
139.132.201.56/29 dev br2  proto kernel  scope link  src 139.132.201.58 
188.126.250.96/28 dev br3  proto kernel  scope link  src 188.126.250.98 
192.168.122.0/24 dev virbr0  proto kernel  scope link  src 192.168.122.1 
192.168.168.0/21 dev br0  proto kernel  scope link  src 192.168.172.254 
192.168.168.0/21 dev br1  proto kernel  scope link  src 192.168.172.253 
default via 139.132.201.62 dev br2

# ip rule ls
0:      from all lookup local 
32755:  from all fwmark 0x5 lookup telmex 
32756:  from 188.126.250.98 lookup telmex 
32757:  from 139.132.201.58 lookup bbs 
32758:  from all fwmark 0x3 lookup bbs 
32766:  from all lookup main 
32767:  from all lookup default

# ip route ls table bbs
139.132.201.56/29 dev br2  scope link  src 139.132.201.58 
default via 139.132.201.62 dev br2


# ip route ls table telmex
188.126.250.96/28 dev br3  scope link  src 188.126.250.98 
default via 188.126.250.97 dev br3

E.Huerta
