[oclug] Repost from OCLUG Tech list

Raj oclug at raj.homelinux.com
Thu Sep 3 11:20:53 EDT 2009


This should work, it is exactly what iproute2 is built for.

What's the output of 'ip route show table all' and 'ip rule show' - those 
2 should help you figure out what's going on.  Also, tcpdump filtered on 
the misdirected subnets should give you some idea of where they're being 
directed (and possibly why).

--Raj.


On 09/02/2009 05:47 PM, Bill Strosberg wrote:
> Stephen Gregory wrote:
>> Bill Strosberg wrote:
>>> What I want to do is have packets from all of the specified external
>>> subnets routed out of the firewall to the address 10.20.0.1 on eth3.
>>> Basically, all external traffic from these source address ranges needs to
>>> be forwarded to the VOIP provider's router, with no exception.
>>>
>>> Any ideas?
>>>
>>
>> Does the VoIP provider initiate the connections back to the VoIP router?
>> Or does the VoIP router initiate the connection to the provider? The
>> latter is how my VoIP worked. If this is the case then you should not
>> need anything other than MASQ for the VoIP router.
>>
>> If the VoIP provider initiates connections to the firewall then you
>> need DNAT to change the destination address of the packet from the
>> firewall's external IP to the VoIP router.
>>
>> The routing is only going to work if the VoIP provider sends packets
>> addressed to 10.20.0.1 via the firewall. As 10.20.0.1 is non-routable
>> this is unlikely to happen.
>>
>>
> Stephen:
>
> This is the same conclusion I reached until I thought iproute2 would be
> able to route the packets from the VOIP provider's specified subnets
> based on the source address. I created a new routing table intended to
> handle packets from the specified range(s) which in theory should get
> sent out eth3. They don't, so I've missed something or didn't understand
> the documentation right (a distinct possibility).
>
> Connections are initiated BY the VOIP provider TO their router from the
> Internet. This is an outsourced VOIP solution, so calls ring at the VOIP
> provider's terminus, and are routed across the Internet to my client's
> site.
>
> As I read the iproute2 source routing docs, I thought I should be able
> to do this.
>
>
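
Added example, not part of the original thread: a simplified Python model of the rule order that 'ip rule show' lists, illustrating the point made above that a source-based rule is never reached while the packet is still addressed to the firewall itself, and is reached once DNAT has rewritten the destination. Only 10.20.0.1 and eth3 come from the thread; the other addresses, the table name "voip" and the rule priority 100 are constructed assumptions.

```python
import ipaddress

# Constructed sample values; only 10.20.0.1 and eth3 come from the thread.
FIREWALL_EXT_IP = "203.0.113.5"     # assumed external address of the firewall
VOIP_SRC_NET = "198.51.100.0/24"    # assumed provider source subnet
VOIP_ROUTER = "10.20.0.1"

# Policy rules in the order 'ip rule show' prints them: (priority, from, table).
RULES = [
    (0, "0.0.0.0/0", "local"),       # always first on Linux
    (100, VOIP_SRC_NET, "voip"),     # hypothetical source-based rule
    (32766, "0.0.0.0/0", "main"),
]

# Routing tables: destination prefix -> action (simplified).
TABLES = {
    "local": {FIREWALL_EXT_IP + "/32": "local delivery"},
    "voip": {"0.0.0.0/0": "forward dev eth3"},
    "main": {"0.0.0.0/0": "forward dev eth0"},   # assumed default route
}

def lookup(src, dst):
    """Walk rules by priority; the first table holding a matching route wins."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for _prio, selector, table in sorted(RULES):
        if s not in ipaddress.ip_network(selector):
            continue
        matches = [(ipaddress.ip_network(p).prefixlen, action)
                   for p, action in TABLES[table].items()
                   if d in ipaddress.ip_network(p)]
        if matches:
            return table, max(matches)[1]        # longest prefix match
    return None, "unreachable"

def dnat(dst):
    """Model of a PREROUTING DNAT rule: rewrites dst before the routing lookup."""
    return VOIP_ROUTER if dst == FIREWALL_EXT_IP else dst

if __name__ == "__main__":
    src = "198.51.100.10"                        # constructed provider host
    print("no DNAT  :", lookup(src, FIREWALL_EXT_IP))
    print("with DNAT:", lookup(src, dnat(FIREWALL_EXT_IP)))
```

On a real firewall, the rule order and table contents to compare against this model are what 'ip rule show' and 'ip route show table all' print.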

