Discussion:
ip route nat madness.
Петр Волков
2004-10-26 16:49:05 UTC
Hello list.

I may become crazy without your help. I'm not a newbie, but...

All worked with 2.4 kernel, but when I have to move to 2.6.8.1 it's not.

I'm using "ip route nat 231.222.222.111 via 172.16.1.13" to substitute inet address 231.222.222.111 on 172.16.1.13 during routing. Look at the output:
_____________
myhost log # ip route list table local
broadcast 127.255.255.255 dev lo proto kernel scope link src 127.0.0.1
local 172.16.0.1 dev eth1 proto kernel scope host src 172.16.0.1
broadcast 172.16.0.0 dev eth1 proto kernel scope link src 172.16.0.1
broadcast 231.222.222.111 dev eth0 proto kernel scope link src 231.222.222.111
broadcast 231.222.222.111 dev eth0 proto kernel scope link src 231.222.222.111
local 231.222.222.111 dev eth0 proto kernel scope host src 231.222.222.111
broadcast 172.16.255.255 dev eth1 proto kernel scope link src 172.16.0.1
broadcast 127.0.0.0 dev lo proto kernel scope link src 127.0.0.1
nat 231.222.222.111 via 172.16.1.13 scope host
local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1
local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1

myhost log # ip rule
0: from all lookup local
323: from 172.16.1.13 lookup main map-to 231.222.222.111
32766: from all lookup main
32767: from all lookup default
_______________________

So I'm trying to translate local address 172.16.1.13 on 231.222.222.111.

And that was working under 2.4 kernel. But now I have to move to 2.6 kernel and now it's not working.

I've used these commands:
ip route add nat 231.222.222.111 via 172.16.1.13
ip rule add prio 323 from 172.16.1.13 nat 231.222.222.111

!!! To be sure that it is kernel problem I've added these two rules in my FORWARD chain in the very beginning:
iptables -I FORWARD -s 172.16.1.13 -j LOG
iptables -I FORWARD -d 231.222.222.111 -j LOG

Look I have packets that should not be there:
Oct 27 00:30:04 rcline IN=eth1 OUT=eth0 SRC=172.16.1.13 DST=64.12.161.185 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=43039 DF PROTO=TCP SPT=1923 DPT=5190 WINDOW=65535 RES=0x00 SYN URGP=0
Oct 27 00:30:04 rcline IN=eth0 OUT=eth1 SRC=83.102.131.142 DST=231.222.222.111 LEN=84 TOS=0x00 PREC=0x00 TTL=59 ID=2990 DF PROTO=ICMP TYPE=8 CODE=0 ID=22310 SEQ=2991

No substitution of neither destination, nor source addresses!!!

Please help me to make this working. I've tried 2.6.9 kernel, but it seems there is no
"IP: fast network address translation". Why. Is feature already deprecated?

Some advice on how to solve this problem is very welcome.

Sorry for my bad English, it is not my native language.

Thank you for your reading of this cry for help. If you have any ideas... they are welcome...
_______________________________________________
LARTC mailing list / ***@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
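
Added example, not part of the original post or the list archive: the check the poster does by eye on the FORWARD-chain LOG output, automated in Python. It assumes the 1:1 mapping from the post and the poster's criterion that a logged packet still carrying the inside address as SRC, or the outside address as DST, was not translated; the function names and the third sample line are constructed for illustration.

```python
import re
from ipaddress import ip_address

# Assumed 1:1 mapping from the post: inside host -> address it should appear as.
NAT_MAP = {ip_address("172.16.1.13"): ip_address("231.222.222.111")}

# The first two lines are the LOG entries quoted in the post. The third is
# constructed: the same flow as it would look with the source address rewritten.
SAMPLE_LOG = """\
Oct 27 00:30:04 rcline IN=eth1 OUT=eth0 SRC=172.16.1.13 DST=64.12.161.185 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=43039 DF PROTO=TCP SPT=1923 DPT=5190 WINDOW=65535 RES=0x00 SYN URGP=0
Oct 27 00:30:04 rcline IN=eth0 OUT=eth1 SRC=83.102.131.142 DST=231.222.222.111 LEN=84 TOS=0x00 PREC=0x00 TTL=59 ID=2990 DF PROTO=ICMP TYPE=8 CODE=0 ID=22310 SEQ=2991
Oct 27 00:30:05 rcline IN=eth1 OUT=eth0 SRC=231.222.222.111 DST=64.12.161.185 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=43040 DF PROTO=TCP SPT=1923 DPT=5190 WINDOW=65535 RES=0x00 SYN URGP=0
"""

KEY_VALUE = re.compile(r"\b([A-Z]+)=(\S*)")


def parse_line(line):
    """Return the KEY=value fields of one netfilter LOG line as a dict."""
    fields = {}
    for key, value in KEY_VALUE.findall(line):
        # Keep the first occurrence: ICMP lines carry ID= twice
        # (IP header id first, then the echo id).
        fields.setdefault(key, value)
    return fields


def untranslated(log_text, nat_map=NAT_MAP):
    """List (kind, src, dst, proto) for logged packets that bypassed the mapping."""
    inside, outside = set(nat_map), set(nat_map.values())
    findings = []
    for line in log_text.splitlines():
        fields = parse_line(line)
        try:
            src, dst = ip_address(fields["SRC"]), ip_address(fields["DST"])
        except (KeyError, ValueError):
            continue  # not a netfilter LOG line, or a damaged one
        proto = fields.get("PROTO", "?")
        if src in inside:    # outbound packet kept its inside source address
            findings.append(("snat-missing", str(src), str(dst), proto))
        if dst in outside:   # inbound packet still addressed to the outside address
            findings.append(("dnat-missing", str(src), str(dst), proto))
    return findings


if __name__ == "__main__":
    for finding in untranslated(SAMPLE_LOG):
        print(*finding)
```
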
Peter Volkov Alexandrovich
2004-11-05 08:22:32 UTC
Hello.

I need your help. The problem is I can not make route nat working with kernel
2.6 although in 2.4 everything works perfectly.

If this is the wrong list to ask question about this, please poke me in the
right one.

So. I have router with two network cards: eth0(192.168.1.10) and eth1
(192.168.2.150). Kernel is 2.6.8.1. In the kernel all options and suboptions
concerning "IP: advanced router" are enabled. I want to map computer in
192.168.2.0/24 subnet with IP 192.168.2.5  on 192.168.1.17 in 192.168.1.0/24
subnet.

I am not an artist but may be this graph can illustrate my situation:

             192.168.1.0/24<..... nat  ....>192.168.2.0/24
<192.168.1.1>-----<192.168.1.10>router<192.168.2.150>-----<192.168.2.5>
                       eth0                eth1            host i want
                  <192.168.1.17>----------nat------------>    to map
                  dummy address


 So following ip-cref written by Alexey Kuznetsov first of all I issue the
command:

nat router # ip route add nat 192.168.1.17 via 192.168.2.5

Now my router answers ARP for 192.168.1.17 and receives the packets for it.
Then it ever route them from eth0 to eth1 BUT it does not nat destination ip
address. Look what one can see using tcpdump! I ping 172.16.1.17 from
192.168.1.1:
nat router # tcpdump -ni eth0
05:49:19.085838 arp who-has 192.168.1.17 tell 192.168.1.1
05:49:19.086938 arp reply 192.168.1.17 is-at 00:0c:29:od:85:04
05:49:19.692799 IP 192.168.1.1 > 192.168.1.17: icmp 64: echo request seq 1

AT the same time on eth1:
nat router # tcpdump -ni eth0
05:49:19.692837 IP 192.168.1.1 > 192.168.1.17: icmp 64: echo request seq 1

My route table is Ok.

nat router # ip route
192.168.2.0/24 dev eth1 proto kernel scope link src 192.168.2.250
192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.10
127.0.0.0/8 via 127.0.0.1 dev lo scope link

So why the packet that should be DNATed is not and how could packet that
should be sent to eth0 sent to eth1?

Is there any other possibility to nat 192.168.2.5 on 192.168.1.17?

The last question what is with "IP: fast network address translation" in 2.6.9
kernel? Why it is absent?


Thank you in advance,
_____________
Peter.

P.S. I need your help to find solution. Otherwise there is a possibility that
my employer can dismiss me.

P.P.S. below is also my letter with the same problem. No one answered it.:(
Post by Петр Волков
All worked with 2.4 kernel, but when I have to move to 2.6.8.1 it's not.
I'm using "ip route nat 231.222.222.111 via 172.16.1.13" to substitute inet
_____________
myhost log # ip route list table local
broadcast 127.255.255.255 dev lo  proto kernel  scope link  src 127.0.0.1
local 172.16.0.1 dev eth1  proto kernel  scope host  src 172.16.0.1
broadcast 172.16.0.0 dev eth1  proto kernel  scope link  src 172.16.0.1
broadcast 231.222.222.111 dev eth0  proto kernel  scope link  src 231.222.222.111
broadcast 231.222.222.111 dev eth0  proto kernel  scope link  src 231.222.222.111
local 231.222.222.111 dev eth0  proto kernel  scope host  src 231.222.222.111
broadcast 172.16.255.255 dev eth1  proto kernel  scope link  src 172.16.0.1
broadcast 127.0.0.0 dev lo  proto kernel  scope link  src 127.0.0.1
nat 231.222.222.111 via 172.16.1.13  scope host
local 127.0.0.1 dev lo  proto kernel  scope host  src 127.0.0.1
local 127.0.0.0/8 dev lo  proto kernel  scope host  src 127.0.0.1
myhost log # ip rule
0:      from all lookup local
323:    from 172.16.1.13 lookup main map-to 231.222.222.111
32766:  from all lookup main
32767:  from all lookup default
_______________________
So I'm trying to translate local address 172.16.1.13 on 231.222.222.111.
And that was working under 2.4 kernel. But now I have to move to 2.6 kernel
and now it's not working.
ip route add nat 231.222.222.111 via 172.16.1.13
ip rule add prio 323 from 172.16.1.13 nat 231.222.222.111
!!! To be sure that it is kernel problem I've added these two rules in my
FORWARD chain in the very beginning:
iptables -I FORWARD -s 172.16.1.13 -j LOG
iptables -I FORWARD -d 231.222.222.111 -j LOG
Oct 27 00:30:04 rcline IN=eth1 OUT=eth0 SRC=172.16.1.13 DST=64.12.161.185 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=43039 DF PROTO=TCP SPT=1923 DPT=5190 WINDOW=65535 RES=0x00 SYN URGP=0
Oct 27 00:30:04 rcline IN=eth0 OUT=eth1 SRC=83.102.131.142 DST=231.222.222.111 LEN=84 TOS=0x00 PREC=0x00 TTL=59 ID=2990 DF PROTO=ICMP TYPE=8 CODE=0 ID=22310 SEQ=2991
No substitution of neither destination, nor source addresses!!!
Please help me to make this working. I've tried 2.6.9 kernel, but It seems
there is no "IP: fast network address translation". Why. Is feature already
deprecated?
Peter Volkov Alexandrovich
2004-11-09 10:09:13 UTC
Hello.

I need your help. The problem is I can not make route nat working with kernel
2.6 although in 2.4 everything works perfectly. I am forced to have 2.6 kernel as
I need SATA.

If this is the wrong list to ask question about this, please poke me in the
right one.

So. I have router with two network cards: eth0(192.168.1.10) and eth1
(192.168.2.150). Kernel is 2.6.8.1. In the kernel all options and suboptions
concerning "IP: advanced router" are enabled. I want to map computer in
192.168.2.0/24 subnet with IP 192.168.2.5  on 192.168.1.17 in 192.168.1.0/24
subnet.

I am not an artist but may be this graph can illustrate my situation:

             192.168.1.0/24<..... nat  ....>192.168.2.0/24
<192.168.1.1>-----<192.168.1.10>router<192.168.2.150>-----<192.168.2.5>
                       eth0                eth1            host i want
                  <192.168.1.17>----------nat------------>    to map
                  dummy address


 So following ip-cref written by Alexey Kuznetsov first of all I issue the
command:

nat router # ip route add nat 192.168.1.17 via 192.168.2.5

Now my router answers ARP for 192.168.1.17 and receives the packets for it.
Then it ever route them from eth0 to eth1 BUT it does not nat destination ip
address. Look what one can see using tcpdump! I ping 172.16.1.17 from
192.168.1.1:
nat router # tcpdump -ni eth0
05:49:19.085838 arp who-has 192.168.1.17 tell 192.168.1.1
05:49:19.086938 arp reply 192.168.1.17 is-at 00:0c:29:od:85:04
05:49:19.692799 IP 192.168.1.1 > 192.168.1.17: icmp 64: echo request seq 1

AT the same time on eth1:
nat router # tcpdump -ni eth0
05:49:19.692837 IP 192.168.1.1 > 192.168.1.17: icmp 64: echo request seq 1

My route table is Ok.

nat router # ip route
192.168.2.0/24 dev eth1 proto kernel scope link src 192.168.2.250
192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.10
127.0.0.0/8 via 127.0.0.1 dev lo scope link

So why the packet that should be DNATed is not and how could packet that
should be sent to eth0 sent to eth1?

Is there any other possibility to nat 192.168.2.5 on 192.168.1.17?

The last question what is with "IP: fast network address translation" in 2.6.9
kernel? Why it is absent?


Thank you in advance,
_____________
Peter.

P.S. I need your help to find solution. Otherwise there is a possibility that
my employer can dismiss me.

P.P.S. below is also my letter with the same problem. No one answered it.:(
Post by Петр Волков
All worked with 2.4 kernel, but when I have to move to 2.6.8.1 it's not.
I'm using "ip route nat 231.222.222.111 via 172.16.1.13" to substitute inet
_____________
myhost log # ip route list table local
broadcast 127.255.255.255 dev lo  proto kernel  scope link  src 127.0.0.1
local 172.16.0.1 dev eth1  proto kernel  scope host  src 172.16.0.1
broadcast 172.16.0.0 dev eth1  proto kernel  scope link  src 172.16.0.1
broadcast 231.222.222.111 dev eth0  proto kernel  scope link  src 231.222.222.111
broadcast 231.222.222.111 dev eth0  proto kernel  scope link  src 231.222.222.111
local 231.222.222.111 dev eth0  proto kernel  scope host  src 231.222.222.111
broadcast 172.16.255.255 dev eth1  proto kernel  scope link  src 172.16.0.1
broadcast 127.0.0.0 dev lo  proto kernel  scope link  src 127.0.0.1
nat 231.222.222.111 via 172.16.1.13  scope host
local 127.0.0.1 dev lo  proto kernel  scope host  src 127.0.0.1
local 127.0.0.0/8 dev lo  proto kernel  scope host  src 127.0.0.1
myhost log # ip rule
0:      from all lookup local
323:    from 172.16.1.13 lookup main map-to 231.222.222.111
32766:  from all lookup main
32767:  from all lookup default
_______________________
So I'm trying to translate local address 172.16.1.13 on 231.222.222.111.
And that was working under 2.4 kernel. But now I have to move to 2.6 kernel
and now it's not working.
ip route add nat 231.222.222.111 via 172.16.1.13
ip rule add prio 323 from 172.16.1.13 nat 231.222.222.111
!!! To be sure that it is kernel problem I've added these two rules in my
FORWARD chain in the very beginning:
iptables -I FORWARD -s 172.16.1.13 -j LOG
iptables -I FORWARD -d 231.222.222.111 -j LOG
Oct 27 00:30:04 rcline IN=eth1 OUT=eth0 SRC=172.16.1.13 DST=64.12.161.185 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=43039 DF PROTO=TCP SPT=1923 DPT=5190 WINDOW=65535 RES=0x00 SYN URGP=0
Oct 27 00:30:04 rcline IN=eth0 OUT=eth1 SRC=83.102.131.142 DST=231.222.222.111 LEN=84 TOS=0x00 PREC=0x00 TTL=59 ID=2990 DF PROTO=ICMP TYPE=8 CODE=0 ID=22310 SEQ=2991
No substitution of neither destination, nor source addresses!!!
Please help me to make this working. I've tried 2.6.9 kernel, but It seems
there is no "IP: fast network address translation". Why. Is feature already
deprecated?