Hi,
On Tue, Jan 27, 2009 at 14:14, Fabian Arrotin <fabian.arrotin@arrfab.net> wrote:
> On the other hand, 10 minutes after I had sent my mail (and 3 coffees later, to be precise) I also saw a picture from Wikipedia (http://upload.wikimedia.org/wikipedia/fr/thumb/3/3e/Netfilter_schema.png/400...)
Interesting diagram! I tried to look for the Wikipedia page that links to it, but no luck. Where did you find it? Is there an article with that?
> explaining how packets went through the different iptables tables, and it was directly clear: even packets leaving the local box (and being processed in the OUTPUT filter) are still processed in the nat table (postrouting filter), so a simple SNAT rule did the job perfectly too ;-)
That was my first thought, configuring a NAT for it. I actually thought that you would be able to solve it by adding a SNAT entry in the OUTPUT chain of the nat table, but when I checked the man page I saw that SNAT can only be used in POSTROUTING. As I assumed you already had a POSTROUTING SNAT rule catching all and you still had the problem with the firewall itself, I did not mention it, but now I see that it makes sense as you need a separate rule for that as the interface is different.
> I've also had a look in the sysconfig.txt file to see how your solution could be applied, but it's still not very clear how that can be done. But using GATEWAYDEV=eth3 (eth3 having my public-ip/32 while eth3:1 has my 192.168.X.X/24 IP) in /etc/sysconfig/network and declaring a GATEWAY=192.168.X.X (ISP router IP) in ifcfg-eth3:1 also does the job. But a `route -n` is strange though: " 0.0.0.0 0.0.0.0 0.0.0.0 U 0 0 0 eth3", like for the old ppp stuff.
> One coffee cup later I see in the sysconfig.txt documentation file, for the parameters of ifcfg-<interface-name>: "SRCADDR= use the specified source address for outgoing packets" .. so definitely resolved by sysconfig files (so a clean solution)
Cool! That's real easy! Glad to know that.
> So multiple ways to solve the initial question ...
Great! I learned something today! :-)
Filipe
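
The packet path discussed in this thread, as an added example that is not part of the original messages: a small Python model of nat-table hook traversal, showing that locally generated packets still cross POSTROUTING and need a SNAT rule that matches their own outgoing interface. The addresses, the `eth0` rule and all class and function names are constructed for illustration; connection tracking is not modelled.

```python
from dataclasses import dataclass, replace
from typing import Optional

# Hooks crossed by origin: locally generated traffic skips PREROUTING and
# FORWARD but still reaches POSTROUTING after OUTPUT.
PATHS = {
    "forwarded": ["PREROUTING", "FORWARD", "POSTROUTING"],
    "local_out": ["OUTPUT", "POSTROUTING"],
}
PUBLIC = "203.0.113.10"  # constructed public address (documentation range)
ALIAS = "192.168.50.2"   # constructed stand-in for the 192.168.X.X alias address

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    out_if: str

@dataclass(frozen=True)
class SnatRule:
    chain: str
    out_if: str
    to_source: str
    src_match: Optional[str] = None  # exact source address; None matches any

    def __post_init__(self):
        # Per the man page as cited in the thread: SNAT only in POSTROUTING.
        if self.chain != "POSTROUTING":
            raise ValueError("SNAT is only valid in nat/POSTROUTING")

def traverse(pkt, origin, rules):
    """Return (packet after nat, hooks visited); first matching rule wins."""
    visited = []
    for hook in PATHS[origin]:
        visited.append(hook)
        for r in rules:
            if (r.chain, r.out_if) == (hook, pkt.out_if) and r.src_match in (None, pkt.src):
                pkt = replace(pkt, src=r.to_source)
                break
    return pkt, visited

def demo():
    # Hypothetical existing rule that only covers traffic leaving via eth0.
    forwarded_only = [SnatRule("POSTROUTING", "eth0", PUBLIC)]
    local = Packet(src=ALIAS, dst="198.51.100.7", out_if="eth3")
    before, hooks = traverse(local, "local_out", forwarded_only)
    fixed = forwarded_only + [SnatRule("POSTROUTING", "eth3", PUBLIC, ALIAS)]
    after, _ = traverse(local, "local_out", fixed)
    return before.src, after.src, hooks
```
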