[Bug 452] New: DNAT to internal network don't work with source routing and 2 uplinks

           Summary: DNAT to internal network don't work with source routing
                    and 2 uplinks
System: Debian Sarge
Kernel: 2.6.8-2-386 (from Debian)
Add-Patches: No

I have a gateway with 3 interfaces:

   eth0   eth1
    |      |
  |    gw       |

eth0: Uplink to my ISP1 (, gw:
eth1: Uplink to my ISP2 (, gw:
eth2: My internal network (

Simple source routing:
/sbin/ip rule add from table TABLE1
/sbin/ip route add dev eth0 src table TABLE1
/sbin/ip route add default via table TABLE1
/sbin/route add default gw metric 0

/sbin/ip rule add from table TABLE2
/sbin/ip route add dev eth1 src table TABLE2
/sbin/ip route add default via table TABLE2
/sbin/route add default gw metric 5

If I set up DNAT like:
-A PREROUTING -i eth0 -m tcp -p tcp --dport 25 -j DNAT --to
-A PREROUTING -i eth1 -m tcp -p tcp --dport 25 -j DNAT --to

It will only work if the packet comes in from the default routing device - eth0. If
I change the metric of the default gw on eth0 from 0 to 6, this DNAT rule will work only
from eth1 (lower metric). If I remove both default gw, the DNAT rules are not
working at all.

I noticed that the DNAT rule is firing - the counter on this rule is increasing, but
this SYN packet never reaches the FORWARD chains in the filter table. It just
disappears. There is no trace of this connection in ip_conntrack.

Marcin Z

