[CentOS] route question
Jerry Geis
geisj at pagestation.com
Mon May 17 14:49:14 UTC 2010
>
> I searched for "Destination nat" just to make sure I did not miss
> something and it looks like what I have above.
>
> Thanks,
>
> jerry
>
Ok - I found out how to enable iptables logging. I can see a connection
from 98.X on port 25 going to .58 as desired.
Then we can see that the return is going out eth2 - and - it should be
going out eth1 based on postrouting.
May 17 10:30:10 mngateway kernel: IN=eth1 OUT=eth0 SRC=98.220.57.24 DST=192.168.1.58 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=17126 DF PROTO=TCP SPT=49060 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
May 17 10:30:10 mngateway kernel: IN=eth0 OUT=eth2 SRC=192.168.1.58 DST=98.220.57.24 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=25 DPT=49060 WINDOW=5792 RES=0x00 ACK SYN URGP=0
Everything on eth2 is working as needed. Incoming gets correctly
pre-routed and outgoing gets correctly post-routed.
It's just eth1 that is not correctly post-routing.
What have I "uncorrectly configured" so return packets that connect on
eth1 go back out eth1?
Below are my config lines again.
Jerry
-------------
eth0 is internal
eth1 is 74.X network
eth2 is 24.X network
INTERFACE="eth1"
MYIP="74.223.8.179"
GWIP="192.168.1.1"
# setup port 22
iptables -t nat -A PREROUTING -i $INTERFACE -p tcp -d $MYIP --dport 22 -j DNAT --to 192.168.1.58:22
iptables -t nat -A POSTROUTING -o $INTERFACE -d 192.168.1.58 -j SNAT --to $GWIP
# Setup the port for sendmail
iptables -t nat -A PREROUTING -i $INTERFACE -p tcp -d $MYIP --dport 25 -j DNAT --to 192.168.1.58:25
iptables -t nat -A POSTROUTING -o $INTERFACE -d 192.168.1.58 -j SNAT --to $GWIP
route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
24.123.23.168   0.0.0.0         255.255.255.248 U     0      0        0 eth2
74.223.8.176    0.0.0.0         255.255.255.240 U     0      0        0 eth1
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth2
0.0.0.0         24.123.23.169   0.0.0.0         UG    0      0        0 eth2
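
Added example, not part of the original post: a small Python check that pairs the SYN and SYN/ACK entries from the iptables log above and reports any reply that is forwarded out a different interface than the one the connection arrived on. The function names are hypothetical; the sample input is the two log entries from the post, each joined onto one line.

```python
import re

# The two kernel log entries from the post, each joined onto one line.
SAMPLE_LOG = """\
May 17 10:30:10 mngateway kernel: IN=eth1 OUT=eth0 SRC=98.220.57.24 DST=192.168.1.58 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=17126 DF PROTO=TCP SPT=49060 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
May 17 10:30:10 mngateway kernel: IN=eth0 OUT=eth2 SRC=192.168.1.58 DST=98.220.57.24 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=25 DPT=49060 WINDOW=5792 RES=0x00 ACK SYN URGP=0
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

def parse_line(line):
    """Return the KEY=value fields of one netfilter LOG line, plus TCP flags."""
    _, sep, body = line.partition("kernel:")
    if not sep:
        return None
    pkt = dict(FIELD.findall(body))
    if not {"IN", "OUT", "SRC", "DST", "PROTO"} <= pkt.keys():
        return None
    pkt["FLAGS"] = {t for t in body.split() if t in {"SYN", "ACK", "FIN", "RST", "PSH"}}
    return pkt

def find_asymmetric_replies(log_text):
    """Pair each opening SYN with its reply and report replies that are
    forwarded out a different interface than the one the SYN arrived on."""
    opened = {}    # (client, client port, server, server port) -> ingress interface
    findings = []
    for line in log_text.splitlines():
        pkt = parse_line(line)
        if pkt is None or pkt["PROTO"] != "TCP":
            continue
        fwd = (pkt["SRC"], pkt.get("SPT"), pkt["DST"], pkt.get("DPT"))
        rev = (pkt["DST"], pkt.get("DPT"), pkt["SRC"], pkt.get("SPT"))
        if pkt["FLAGS"] == {"SYN"}:
            opened[fwd] = pkt["IN"]
        elif rev in opened and pkt["OUT"] != opened[rev]:
            findings.append({"client": rev[0], "server": f"{rev[2]}:{rev[3]}",
                             "arrived_on": opened[rev], "reply_left_on": pkt["OUT"]})
    return findings

if __name__ == "__main__":
    for finding in find_asymmetric_replies(SAMPLE_LOG):
        print("asymmetric reply:", finding)
```

On the sample it reports one finding: the connection arrived on eth1 and the reply left on eth2, the interface that carries the only default route in the `route -n` output above.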