<< | Thread Index | >> ]    [ << | Date Index | >> ]

Subject: cipe + masqerading (Linux)
From: Holger Marzen <holger,AT,marzen,DOT,de>
Date: Sun, 30 Jun 2002 22:06:41 +0200

cipe 1.5.3 on Linux 2.4.13:

How can I masquerade packets that are sent to cipcb0? I have a working
cipe-Connection that uses udp port 20001 on both sides.

If I do something like

  iptables -t nat -A POSTROUTING -s 10.66.53.0/24 -o cipcb0 -j MASQUERADE

then tcpdump shows that the sending port on my machine isn't 20001
anymore, and so the other machine cannot process these packets.

Could it be that policy routing gets in the way? The only thing I use is
forcing the cipe-interface for all outgouing packets with the sender
address of the cipe interface (xxx.yyy.zzz.aa):

root@bluebell:[~] # ip rule ls
0:      from all lookup local
32765:  from xxx.yyy.zzz.aa lookup cipe0.out
32766:  from all lookup main
32767:  from all lookup default

root@bluebell:[~] # ip route ls table cipe0.out
default dev cipcb0  scope link

-- 
PGP/GPG Key-ID:
http://blackhole.pca.dfn.de:11371/pks/lookup?op=get&search=0xB5A1AFE1





<< | Thread Index | >> ]    [ << | Date Index | >> ]