Issue with SNAT/DNAT and mutiple routing tables

Jorge Rocha jrocha@node1.com.br
Fri, 13 Jul 2001 08:54:08 -0300 

Hi,

         I've a box with 3 interfaces, eth0 at my LAN, eth1 at internet 
connection 1 & 2 and eth2 at internet connection 3.

My  interfaces config:

1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
     inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc cbq qlen 100
     link/ether 00:50:8b:b9:b3:45 brd ff:ff:ff:ff:ff:ff
     inet 10.10.1.121/24 brd 10.10.1.255 scope global eth0
3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc cbq qlen 100
     link/ether 00:50:8b:b9:ad:83 brd ff:ff:ff:ff:ff:ff
     inet 200.198.125.162/29 brd 200.198.125.167 scope global eth1
     inet 200.205.99.162/28 brd 200.205.99.175 scope global eth1
     inet 200.198.125.166/29 brd 200.198.126.167 scope global secondary eth1
     inet 200.198.125.164/29 brd 200.198.126.167 scope global secondary eth1
     inet 200.198.125.163/29 brd 200.198.125.167 scope global secondary eth1
     inet 200.198.125.165/29 brd 200.198.125.167 scope global secondary eth1
     inet 200.205.99.164/28 brd 200.205.99.175 scope global secondary eth1
4: eth2: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
     link/ether 00:50:8b:9a:be:4a brd ff:ff:ff:ff:ff:ff
     inet 200.213.192.2/26 brd 200.213.192.63 scope global eth2
     inet 200.213.192.3/26 brd 200.213.192.63 scope global secondary eth2


I'm using 3 routing tables:

table main:

200.198.125.160/29 dev eth1  proto kernel  scope link  src 200.198.125.162
200.205.99.160/28 dev eth1  proto kernel  scope link  src 200.205.99.162
200.213.192.0/26 dev eth2  proto kernel  scope link  src 200.213.192.2
10.10.1.0/24 dev eth0  proto kernel  scope link  src 10.10.1.121
10.0.0.0/8 via 10.10.1.254 dev eth0
127.0.0.0/8 dev lo  scope link
default via 200.198.125.161 dev eth1


table 2:

200.213.192.0/26 dev eth2  scope link
default via 200.213.192.1 dev eth2

table 3:

200.205.99.160/28 dev eth1  scope link
default via 200.205.99.161 dev eth1


And I've the following rules:

0:      from all lookup local
32764:  from 200.205.99.160/28 lookup 3
32765:  from 200.213.192.0/26 lookup 2
32766:  from all lookup main
32767:  from all lookup 253


iptables config:

iptables -t nat -A PREROUTING -d 200.205.99.165 -p tcp --dport 110 -j DNAT 
--to-destination 10.10.1.114
iptables -t nat -A POSTROUTING -s 10.10.1.114 -d ! 10.0.0.0/8 -j SNAT 
--to-source 200.205.99.162



         Both rules don't work, i think it's happening because iptables 
only using table main and make packets SNAT:ed and DNAT:ed being routed to 
default gateway of table main and the router drop them.
         I've another rules with the same problem. Any ideias?



Tkz in advance,
Jorge Rocha

-- 
Node 1 Internet
http://www.node1.com.br
Tel.: (11) 5092-6020
Fax.: (11) 5092-6033