Fred Viles <[EMAIL PROTECTED]> wrote:
>
> As for actually routing the masqueraded reply through the eth1
> interface, is that even possible? Can the masquerade logic override
> the default route?
This is a common misconception about IP Masq. (I'm not saying that
you're having this misconception, I'm just saying that it's common.)
The IP Masq rulesets might appear that they are controlling route
behavior, but they do not. They merely modify route decisions after
they have already been made.

Once a routing decision has been made (via the route table), the masq
rules can only decide whether it should, or should not happen, or
whether to invoke masquerading when the route is taken.

It's possible that masq isn't quite set up properly in the problem
given. Perhaps the masq box is trying to masquerade in multiple
directions, which makes the target machine unable to recognize its own
reply (because it looks like a different machine). Just a guess,
really.

Anyway, the main issue is that, if you think the packets are going the
wrong way, you have to fix the route table to do the right thing. You
can't fix it in the masq rules; they can't change that behavior. If a
machine is sending packets the wrong way, you'll have to teach it how to
send them the right way instead.
--
[EMAIL PROTECTED] (Fuzzy Fox) || "Nothing takes the taste out of peanut
sometimes known as David DeSimone || butter quite like unrequited love."
http://www.dallas.net/~fox/ || -- Charlie Brown
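
Added example, not part of the original message: a simplified Python model of the ordering described in the reply above, where the route table picks the egress interface first and the masq rules can then only accept, deny, or masquerade on that route. The interface names, addresses, routes and the first-match/default-DENY rule semantics are constructed assumptions for illustration.

```python
import ipaddress

# Constructed sample data (documentation address ranges), not from the thread.
ROUTES = [("192.168.1.0/24", "eth2"),    # internal LAN
          ("198.51.100.0/24", "eth1"),   # second uplink, directly connected
          ("0.0.0.0/0", "eth0")]         # default route
IF_ADDRS = {"eth0": "203.0.113.1", "eth1": "198.51.100.1", "eth2": "192.168.1.1"}

def route_lookup(routes, dst):
    """Longest-prefix match over the route table; returns the egress device."""
    dst = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(net), dev) for net, dev in routes
            if dst in ipaddress.ip_network(net)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def forward(routes, rules, src, dst):
    """Route first, then consult the rules. Returns (verdict, dev, wire_src).

    rules: list of (src_net, dst_net, target), target in ACCEPT/DENY/MASQ,
    first match wins, default DENY (an assumption of this model).
    """
    dev = route_lookup(routes, dst)          # decided before any rule is read
    if dev is None:
        return ("UNREACHABLE", None, None)
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    verdict = "DENY"
    for src_net, dst_net, target in rules:
        if s in ipaddress.ip_network(src_net) and d in ipaddress.ip_network(dst_net):
            verdict = target
            break
    if verdict == "DENY":
        return ("DENY", dev, None)           # the route was chosen, packet dropped
    # MASQ rewrites the source to the address of the device routing picked.
    return (verdict, dev, IF_ADDRS[dev] if verdict == "MASQ" else src)

def egress_per_target(routes, src, dst):
    """Egress device under each possible rule target: the rules never move it."""
    return {t: forward(routes, [("192.168.1.0/24", "0.0.0.0/0", t)], src, dst)[1]
            for t in ("ACCEPT", "DENY", "MASQ")}

if __name__ == "__main__":
    print(egress_per_target(ROUTES, "192.168.1.10", "192.0.2.50"))
    fixed = [("192.0.2.0/24", "eth1")] + ROUTES   # the fix goes in the route table
    print(forward(fixed, [("192.168.1.0/24", "0.0.0.0/0", "MASQ")],
                  "192.168.1.10", "192.0.2.50"))
```

Whatever target the rule carries, the packet leaves on eth0; only adding a more specific route moves it to eth1, at which point the masqueraded source becomes eth1's address.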