Re: Routing over Aliased IP addresses
Originally Posted by The Cog
That has me confused. Do you really need both the static route and the masquerade? By my understanding of things, you should only need one or the other.
I thought:
If you are masquerading, the router won't talk to anything from 192.168.1.x so the static route is not needed.
If you have the static route, the router knows how to send back to 192.168.1.x so masquerading isn't needed.
Am I missing something, or are you implementing 3 fixes when you only need one?
What I'm doing now is
Code:
sudo iptables -A FORWARD -s 192.168.0.2 -d 192.168.1.1 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
sudo iptables -A FORWARD -s 192.168.1.1 -d 192.168.0.2 -j ACCEPT
That's been working perfectly. Happy days!
Now the next step is to get a transparent proxy server going too. Which sort of works. It works for some websites, but not all, and the websites it does work for are painfully slow. Sites hosted internally only work if you use the FQDN, not the IP address, so I suspect that it's routing things circularly, but I don't know how to get away from that. Any ideas?
I tried setting up the proxy server to only listen on 192.168.1.2 (another IP alias on the same server), but that hasn't changed anything.
Current rules that I'm using are (the above two plus):
Code:
sudo iptables -t nat -A PREROUTING -s 192.168.1.0/24 -p tcp --dport 80 -j DNAT --to-destination 192.168.1.2:3128
sudo iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -p tcp --dport 3128 -o 192.168.0.2 -j MASQUERADE
Server: HP ProLiant MicroServer N40L, Ubuntu Server 12.04LTS
Laptop: ACER Aspire 5741G, Core i3 330M 2.26GHz, 4GB DDR3, Linux Mint 14
Desktop: AMD Phenom X4 9600, ASUS M4A78 Pro, 4GB DDR2, Ubuntu 12.04LTS