Several networks will be routed through it to the Internet. The linux box
has 2 interfaces connected to 2 different links to the Internet.
So, it has to masquerade some of the networks with its ip
194.102.255.219, and send the masqueraded packets to the host
194.102.255.217 on eth0, and it also has to masquerade the other half of
the networks with its other ip 193.226.100.200 and send masq'ed packets to
host 193.226.100.1 on eth1. It also has to support "stable masquerading"
i.e. if a masq tcp connection is established and I remove the firewall
masq rule, the connection won't die.
What I have done so far:
- I've implemented the "stable masquerading" part in kernel space (with 2
quick hacks :)
- I've also implemented masquerading on 2 ips, based on the fwmark set by
the masquerading firewall rule (this one in kernel space as well)
- I will implement the choice of the networks that go through one output
interface or another in user-space.
What I haven't done:
I can't seem to send the packets from ie 194.102.255.219 to host
194.102.255.217, and the ones from 193.226.100.200 to 193.226.100.1
I have figured this is so because I can't do policy routing at the time
the route is chosed due to the fact that the packet isn't masqueraded
yet and thus, doesn't have one of those ips.
So.. basically, I guess if someone would tell me what would be a good way
to change the packet's route after masquerading it (from what I read in
the kernel source, the packet's output route is determined _before_
calling the firewall), I'd be very happy. :)
Hope you understand my babbling :)
Thanks
-- Tudor Popescu top@kappa.ro
- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/