WG: Routing Specific Protocols

Philipp Snizek mailinglists@belfin.ch
Sun, 14 Oct 2001 20:02:35 +0200 

Mike,

Why isn't it possible to send you a mail. this message I get from your receiving smtp:

This message was created automatically by mail delivery software (Exim).

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

  mcgrellis.com@namezero.com
    SMTP error from remote mailer after RCPT TO:<mcgrellis.com@namezero.com>:
    host m.dnsix.com [216.34.13.242]: 550 <mcgrellis.com@namezero.com>:
    User unknown

Back to topic:

ahh,well, that's something else (how could I know? :-)

I can only tell you how I would analyze the problem:
Accepting all, defining general rule for statefull inspection
and NAT, accepting all as well.
But i'm sure you already did that.

Uhm, btw, how does your statefull inspection rule look like?
How does your NAT rules look like?

Philipp

>
>>Philipp,
>>
>>The interface is called mike, it's not a variable.
>>
>>Cheers though mate :)
>>
>>> -----Original Message-----
>>> From: Philipp Snizek [mailto:mailinglists@belfin.ch]
>>> Sent: 14 October 2001 18:44
>>> To: Daniel P. Hart; netfilter@lists.samba.org
>>> Subject: AW: Routing Specific Protocols
>>>
>>>
>>> >Hi,
>>> >
>>> >I am attempting to route web traffic out of a different
>>> >interface to the
>>> >rest of my traffic.
>>> >I have three interfaces, eth0 (Internal LAN 10.10.10.0/24), eth1
>>> >(Internet) Mike (IPIP Tunnel to 10.10.11.0/24).
>>> >Presently all of my internet traffic is forwarded from eth0, and
>>> >masqueraded out of eth1.
>>> >All traffic to 10.10.11.0/24 is routed from eth0 to mike.
>>> >
>>> >I wish to send all port 80 traffic from eth0 to mike, instead of to
>>> >eth1.
>>> >I have tried this line, to no avail:
>>> >
>>> >Iptables -A FORWARD -s 10.10.10.0/24 -i eth0 -o mike -p tcp
>>-dport 80
>>>
>>> I don't know whether you made a sytax error:
>>>
>>> Iptables -A FORWARD -s 10.10.10.0/24 -i eth0 -o $mike -p tcp
>>-dport 80
>>>
>>>
>>>
>>>
>>>
>>> >And on the firewall at the other end, have enabled masquerading of
>>> >packets from 10.10.10.0/24 out of it's internet interface.
>>> >
>>> >Any help would be appreciated,
>>> >
>>> >Cheers,
>>> >
>>> >Dan Hart
>>> >
>>>
>>
>