Filipe Brandenburger wrote:
Hi Fabian:
On Tue, Jan 27, 2009 at 08:16, Fabian Arrotin fabian.arrotin@arrfab.net wrote:
Question is: how can I "mangle" output packets to appear as coming from the public IP and not from 192.168.X.X?
Found this that might help you (google for: linux default outgoing ip):
"""
On a machine with multiple interfaces, is it possible to set the default outgoing IP address to something other than the address for the interface on the outgoing route?
Yes.
ip route add 10.1.1.0/24 via 192.168.1.1 src 172.16.1.1
                                         ^^^
The src parameter tells the routing code to use this address when sending packets. The address only needs to be on the system. IE:

ip addr add 172.16.1.1/32 dev dummy0

And send the packets out of eth0.
"""
From: http://lkml.indiana.edu/hypermail/linux/kernel/0112.1/0359.html
Just make sure you keep a separate route for your ISP's side of the private network (maybe the one created when your interface goes up will do), otherwise your routing protocol might fail.
HTH, Filipe
Hi Filipe,
Thanks for the link, I completely missed that point from the 'ip route' command.

On the other hand, 10 minutes after I had sent my mail (and 3 coffees later, to be precise) I also saw a picture from Wikipedia (http://upload.wikimedia.org/wikipedia/fr/thumb/3/3e/Netfilter_schema.png/400...) explaining how packets go through the different ip tables, and it was directly clear: even packets leaving the local box (and being processed in the OUTPUT filter) are still processed in the nat table (postrouting filter), so a simple SNAT rule did the job perfectly too ;-)

In fact it's the first time that I have had to modify packets leaving a Linux gateway, and I thought that only packets being forwarded (and so traversing the FORWARD filter) could also be modified in the nat table ...

I've also had a look in the sysconfig.txt file to see how your solution could be applied, but it's still not very clear how that can be done. But using GATEWAYDEV=eth3 (eth3 having my public-ip/32 while eth3:1 has my 192.168.X.X/24 IP) in /etc/sysconfig/network and declaring a GATEWAY=192.168.X.X (ISP router IP) in ifcfg-eth3:1 also does the job. But the output of `route -n` is strange though:

" 0.0.0.0 0.0.0.0 0.0.0.0 U 0 0 0 eth3"

like for the old ppp stuff.

So multiple ways to solve the initial question ...

--
Fabian Arrotin
idea=`grep -i clue /dev/brain` ; test -z "$idea" && echo "sorry, init 6 in progress" || sh ./answer.sh
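
The two fixes discussed in this thread, written out as commands. This is an added example, not part of either message: the addresses are constructed placeholders, and the `! -d` exclusion is an assumption based on the note about keeping the ISP-side route working.

```shell
#!/bin/sh
# Added example. All addresses are constructed placeholders
# (203.0.113.0/24 and 198.51.100.0/24 are documentation ranges).
PUB_IP="${PUB_IP:-203.0.113.10}"          # public /32 held by the gateway
PRIV_NET="${PRIV_NET:-192.168.50.0/24}"   # private subnet shared with the ISP router
ISP_GW="${ISP_GW:-192.168.50.1}"          # ISP router on that subnet
WAN_DEV="${WAN_DEV:-eth3}"                # interface name used in the thread
DRY_RUN="${DRY_RUN:-1}"                   # 1 = print the command, 0 = execute (root)

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Option 1: "src" hint on the default route. The kernel then prefers PUB_IP
# for locally generated packets whose socket is not bound to another address.
# PUB_IP must already be configured on some local interface.
set_route_src() {
    run ip route replace default via "$ISP_GW" dev "$WAN_DEV" src "$PUB_IP"
}

# Option 2: SNAT in nat/POSTROUTING. Locally generated packets traverse
# OUTPUT and then POSTROUTING, so the rule rewrites them as well.
# Assumption: traffic to the private subnet itself (for example a routing
# protocol session with the ISP router) keeps its private source address.
set_snat() {
    run iptables -t nat -A POSTROUTING -o "$WAN_DEV" \
        -s "$PRIV_NET" ! -d "$PRIV_NET" -j SNAT --to-source "$PUB_IP"
}

# Extract the address following "src" from `ip route get` output on stdin.
parsed_src() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "src") { print $(i + 1); exit } }'
}

# Check option 1: which source address does the kernel select for a
# destination beyond the ISP router? (SNAT is not visible here, because it
# is applied after the routing decision; inspect it with a packet capture
# on the far side or with the nat table counters.)
verify_src() {
    ip route get "${1:-198.51.100.1}" | parsed_src
}
```

Source the file and call `set_route_src` or `set_snat`; with the default `DRY_RUN=1` the command is only printed, so it can be reviewed before being run as root with `DRY_RUN=0`.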