LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
Old 09-17-2013, 02:06 PM   #1
oandarilho01
LQ Newbie
 
Registered: Sep 2013
Posts: 6

Rep: Reputation: Disabled
[SOLVED] NATed ports with 2 WAN scenario


Hi,

I'm trying to deploy the following scenario:

A Linux (Gentoo, kernel 3.10.7) router with 3 NICs (lan, wan1, wan2), with wan1 being the default route, and a bunch of port redirections to allow remote desktop (Windows RDP, 3389) connections coming through the Internet on wan2.

Theoretically, the traffic has to come in through wan2 AND go out through the same NIC, am I right? This is why we generally follow a LARTC-like tutorial, as I did.
The problem is that this port forwarding is not working.

I'm searching hard for the relations, configurations, etc. between kernel config, iproute2 and NAT, but can't solve this problem yet.

The routing treatment for the router itself is OK, I mean, I can ssh to the router box through both wans. I can also use fwmarks to route tcp/udp traffic generated by the lan hosts to specific routes/NICs.

I've tried turning off rp_filter and turning on accept_redirects and accept_source_route, but none of these helped.

From my latest research, I'm starting to suspect that this scenario isn't really possible because of a double NAT situation (both wan1 and wan2 have private IPs; both have routers in front of them, before the ISP modems). A confirmation of this, even if negative, would help too.

Any tips would be appreciated.

Thanks in advance

Last edited by oandarilho01; 09-20-2013 at 03:29 PM. Reason: Problem Solved
 
Old 09-20-2013, 03:25 PM   #2
nini09
Senior Member
 
Registered: Apr 2009
Posts: 1,893

Rep: Reputation: 163
Why do you want to use two different WANs, wan1 and wan2? To balance traffic?
 
Old 09-20-2013, 03:28 PM   #3
oandarilho01
LQ Newbie
 
Registered: Sep 2013
Posts: 6

Original Poster
Rep: Reputation: Disabled
In the future, yes, load balance. For now, I use two wans in a failover approach.

It seems I managed to put my scenario to work, finally.

After digging a bit more into netfilter, I discovered the conntrack match (-m conntrack), which allowed me to use a criterion that hits the port forwarding reply packets. Then the set of commands/rules became:

1) to mark the redirected traffic:
# iptables -t mangle -A PREROUTING -p tcp --dport 80 -j MARK --set-mark 3

2) to mark the related port forwarding packets (it doesn't matter what port forwarding was made):
# iptables -t mangle -A PREROUTING -m conntrack --ctstate DNAT -j MARK --set-mark 3

Note: yes, I chose to use the same mark, as I want to redirect to the same link.

3) to treat the traffic:
# ip ru add fwmark 3 table internetA


Now, I cannot say whether the --ctstate rule is the optimal setup for this, nor can I foresee any problems it could cause for other connections. But happily it works now.

Thanks.
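A fuller version of the setup discussed in this thread, written as an added example rather than the poster's own configuration: a shell script, dry-run by default, that builds the per-link routing table, the DNAT rule for RDP on wan2, the conntrack-based marking of the reply packets, and the port-based steering of LAN traffic from the first posted rule. The interface names (lan0, wan2), the gateway 192.0.2.1, the LAN prefix, the host 192.168.1.10, the mark value 3 and the table name internetA are constructed placeholders; internetA is assumed to be listed in /etc/iproute2/rt_tables. It departs from the posted rules in two defensive respects: the DNAT reply marking is limited to packets entering from the LAN interface, so inbound packets of the same connection are not sent through the wan2 table before they reach the LAN host, and the wan2 table also carries the LAN connected route, so a marked packet addressed to a LAN host is never handed to the ISP gateway.

```shell
#!/bin/sh
# Added example: dual-WAN router with RDP port forwarding on the second link.
# Not the poster's configuration. All names and addresses are placeholders;
# adjust them for the real router (or override them in the environment).

LAN_IF=${LAN_IF:-lan0}
WAN2_IF=${WAN2_IF:-wan2}
WAN2_GW=${WAN2_GW:-192.0.2.1}          # placeholder gateway of the second ISP link
LAN_NET=${LAN_NET:-192.168.1.0/24}
RDP_HOST=${RDP_HOST:-192.168.1.10}     # placeholder LAN host receiving the forwarded RDP sessions
RDP_PORT=${RDP_PORT:-3389}
TABLE=${TABLE:-internetA}              # routing table for wan2; assumed to exist in /etc/iproute2/rt_tables
MARK=${MARK:-3}
DRY_RUN=${DRY_RUN:-1}                  # 1 = only print the commands (default), 0 = apply them

# Run a command, or print it when DRY_RUN=1 so the rule set can be reviewed first.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Policy routing: any packet carrying fwmark $MARK is routed with table $TABLE,
# whose default route points at the wan2 gateway.
setup_policy_routing() {
    run ip route replace default via "$WAN2_GW" dev "$WAN2_IF" table "$TABLE"
    # Keep the LAN route in this table as well: a marked packet addressed to a
    # LAN host must not be handed to the ISP gateway just because the table
    # only knew a default route.
    run ip route replace "$LAN_NET" dev "$LAN_IF" table "$TABLE"
    run ip rule add fwmark "$MARK" table "$TABLE"
    # Strict reverse-path filtering on wan2 drops inbound packets whose source
    # would be routed out via wan1 (the main default route). Loose mode (2)
    # keeps a check but accepts any source reachable through some interface.
    # The kernel uses the higher of conf.all and conf.<iface>, so conf.all
    # must not be 1 for this to take effect.
    run sysctl -w "net.ipv4.conf.$WAN2_IF.rp_filter=2"
}

# Port forwarding: TCP $RDP_PORT arriving on wan2 goes to $RDP_HOST, and the
# FORWARD chain admits only that flow and its replies.
setup_dnat() {
    run iptables -t nat -A PREROUTING -i "$WAN2_IF" -p tcp --dport "$RDP_PORT" \
        -j DNAT --to-destination "$RDP_HOST:$RDP_PORT"
    run iptables -A FORWARD -i "$WAN2_IF" -o "$LAN_IF" -p tcp -d "$RDP_HOST" \
        --dport "$RDP_PORT" -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
    run iptables -A FORWARD -i "$LAN_IF" -o "$WAN2_IF" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

# Reply routing. The LAN host's replies are ordinary packets from a private
# address to an Internet address; the main table would send them out wan1 and
# the session would break. --ctstate DNAT matches every packet of a connection
# that was DNATed, in both directions, so the match is restricted to packets
# entering from the LAN: inbound packets stay unmarked and reach the LAN host
# via the main table, replies get the mark and leave via wan2, where conntrack
# restores the public source address on the way out.
setup_reply_marking() {
    run iptables -t mangle -A PREROUTING -i "$LAN_IF" -m conntrack --ctstate DNAT \
        -j MARK --set-mark "$MARK"
}

# Optional: steer LAN-originated connections to one TCP port through wan2
# (the thread's port 80 case) and masquerade them behind the wan2 address.
setup_lan_steering() {
    port=${1:-80}
    run iptables -t mangle -A PREROUTING -i "$LAN_IF" -p tcp --dport "$port" \
        -j MARK --set-mark "$MARK"
    run iptables -t nat -A POSTROUTING -o "$WAN2_IF" -j MASQUERADE
}

# Render the whole rule set as text without applying anything, for review.
render_config() {
    ( DRY_RUN=1
      setup_policy_routing; setup_dnat; setup_reply_marking; setup_lan_steering 80 )
}

apply_config() {
    setup_policy_routing
    setup_dnat
    setup_reply_marking
    setup_lan_steering 80
}

apply_config
```

Run it as root with DRY_RUN=0 to apply; without that it only prints the commands, which is the form worth reviewing before touching a production router. After applying, `ip rule show`, `ip route show table internetA` and `iptables -t mangle -L PREROUTING -v -n` show whether the rule, the table and the mark counters behave as expected, and the mangle counter for the DNAT rule should climb only while a forwarded RDP session is active.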
 
  


All times are GMT -5.