Linux - Networking (LinuxQuestions.org forum)
09-17-2013, 02:06 PM
#1
LQ Newbie
Registered: Sep 2013
Posts: 6
[SOLVED] NATed ports with 2 WAN scenario
Hi,
I'm trying to deploy the following scenario:
A Linux (Gentoo, kernel 3.10.7) router with 3 NICs (lan, wan1, wan2), with wan1 being the default route, and a bunch of port redirections to allow remote desktop (Windows RDP, 3389) connections coming through the Internet on wan2.
Theoretically, the traffic has to come in through wan2 AND go out through the same NIC, am I right? This is why one generally follows a LARTC-like tutorial, as I did.
The problem is that this port forwarding is not working.
I'm searching hard for relations, configurations, etc., between kernel config, iproute2 and NAT, but I can't solve this problem yet.
The routing treatment for the router itself is OK; I mean, I can ssh to the router box through both WANs. I can also use fwmarks to route tcp/udp traffic generated by the LAN hosts to specific routes/NICs.
I've tried turning off rp_filter and turning on accept_redirects and accept_source_route, but none of these helped.
From my latest research, I'm starting to suspect that this scenario isn't really possible because of a double NAT situation (both wan1 and wan2 have private IPs; both have routers in front of them, before the ISP modems). A confirmation of this, although negative, would help too.
Any tips would be appreciated.
Thanks in advance.
Last edited by oandarilho01; 09-20-2013 at 03:29 PM.
Reason: Problem Solved
09-20-2013, 03:25 PM
#2
Senior Member
Registered: Apr 2009
Posts: 1,893
Why do you want to use two different WANs, wan1 and wan2, to balance traffic?
09-20-2013, 03:28 PM
#3
LQ Newbie
Registered: Sep 2013
Posts: 6
Original Poster
In the future, yes, load balancing. For now, I use two WANs in a failover approach.
It seems I finally managed to get my scenario to work.
After digging a bit more into netfilter, I discovered the conntrack match (-m conntrack), which allowed me to use a criterion that hits the port-forwarding reply packets. Then the set of commands/rules became:
1) to mark the redirected traffic:
# iptables -t mangle -A PREROUTING -p tcp --dport 80 -j MARK --set-mark 3
2) to mark the related port-forwarding packets (it doesn't matter which port forwarding was done):
# iptables -t mangle -A PREROUTING -m conntrack --ctstate DNAT -j MARK --set-mark 3
Note: yes, I chose to use the same mark, as I want to redirect to the same link.
3) to treat the traffic:
# ip ru add fwmark 3 table internetA
Now, I cannot say whether the --ctstate rule is the optimal setup for this, nor can I foresee any problems it could cause for other connections. But happily, it works now.
Thanks.
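The following is an added example, not the rules posted in the thread, showing one complete way to build the setup post #3 describes: a DNATed service (RDP on 3389, rather than the port-80 rule in the post) reachable through wan2 while wan1 stays the default route. Interface names (eth0/eth1/eth2), addresses, the LAN host and the routing-table id 100 are assumptions constructed for the example. Instead of a bare "-m conntrack --ctstate DNAT" match, it uses CONNMARK and scopes the mark to NEW connections that arrived on wan2: the mark is saved on the conntrack entry and restored onto every later packet of that connection, so the LAN host's replies are routed out wan2, but forwarded connections that came in via wan1 are left on the default route. It also keeps rp_filter in loose mode (2) rather than switching it off, since strict mode validates the source against the main table (which points at wan1) and drops packets arriving on wan2.

```shell
#!/bin/sh
# Added example (not the thread's own rules): dual-WAN policy routing so that
# replies to connections DNATed on wan2 leave through wan2, while wan1 stays
# the default route. Interface names, addresses, the table id and the RDP
# host below are assumptions constructed for this example.
#
# DRY_RUN=1 (default) prints each command instead of executing it, so the
# rule set can be reviewed without root; run with DRY_RUN=0 to apply.
DRY_RUN="${DRY_RUN:-1}"

LAN=eth0                 # assumed: lan NIC, 192.168.10.0/24 behind it
WAN1=eth1                # assumed: default route lives in table main
WAN2=eth2                # assumed: second uplink
WAN2_GW=192.168.2.1      # assumed: upstream router on wan2 (private, double NAT)
RDP_HOST=192.168.10.50   # assumed: LAN host receiving forwarded RDP (3389)
MARK=3                   # fwmark, same value the thread uses
TABLE_ID=100             # numeric routing table instead of a named one

run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

setup_routing() {
    run sysctl -w net.ipv4.ip_forward=1
    # Strict rp_filter (1) checks the source against the main table, which
    # points at wan1, so packets arriving on wan2 would be dropped. Loose
    # mode (2) keeps the check but accepts any interface that has a route.
    run sysctl -w net.ipv4.conf.all.rp_filter=2
    run sysctl -w "net.ipv4.conf.$WAN2.rp_filter=2"
    # Table 100 = "go out via wan2"; selected whenever a packet carries MARK.
    run ip route replace default via "$WAN2_GW" dev "$WAN2" table "$TABLE_ID"
    run ip rule add fwmark "$MARK" lookup "$TABLE_ID"
}

setup_firewall() {
    # 1) Put the saved connection mark back on every packet first. Reply
    #    packets from the LAN host inherit the mark and get routed out wan2.
    run iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
    # 2) Mark only NEW connections that entered on wan2 and save the mark in
    #    conntrack. Scoping on -i wan2 avoids matching every DNAT connection,
    #    which would also drag connections forwarded via wan1 onto wan2.
    run iptables -t mangle -A PREROUTING -i "$WAN2" -m conntrack --ctstate NEW \
        -j CONNMARK --set-mark "$MARK"
    # 3) The port forward itself, bound to wan2.
    run iptables -t nat -A PREROUTING -i "$WAN2" -p tcp --dport 3389 \
        -j DNAT --to-destination "$RDP_HOST:3389"
    # 4) Hide LAN addresses behind whichever uplink the route chose.
    run iptables -t nat -A POSTROUTING -o "$WAN1" -j MASQUERADE
    run iptables -t nat -A POSTROUTING -o "$WAN2" -j MASQUERADE
    # 5) Forward only the DNATed service plus established traffic; anything
    #    else from the WANs toward the LAN is dropped.
    run iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run iptables -A FORWARD -i "$WAN2" -o "$LAN" -d "$RDP_HOST" -p tcp --dport 3389 \
        -m conntrack --ctstate NEW -j ACCEPT
    run iptables -A FORWARD -i "$LAN" -j ACCEPT
    run iptables -A FORWARD -i "$WAN1" -j DROP
    run iptables -A FORWARD -i "$WAN2" -j DROP
}

setup_routing
setup_firewall
```

Run it once with the default DRY_RUN=1 to read the generated rule list, then with DRY_RUN=0 as root to apply it. Because the mark is restored in mangle PREROUTING, which runs before the routing decision, the fwmark rule sees it for the LAN host's reply packets as well as for later packets of the inbound connection; the DNAT reverse translation of those replies is done by conntrack without any extra SNAT rule.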