[clug] Network routing joy (iptables, bridging, nat)

Francis James Whittle fudje at grapevine.net.au
Tue Sep 1 06:02:15 MDT 2009


Are you sure it's just NAT that fails, or does PPPoE break entirely?

On Tue, 2009-09-01 at 20:36 +1000, David Tulloh wrote:
>      |----------------|
>      |      br0       |
>      |                |  ||-- LAN
> VM --|-- tap1   eth1==|==||
> VM --|-- tap2     ^   |  ||-- Modem, PPPOE
>      |            |   |
>      |------------|---|
>                   |
>                /-----\
>                | NAT |
>                \-----/
>                   |
>                  ppp0
> 
> 
> 
> I have a server with a fairly complex networking setup.  I've tried to 
> depict it above, which should be legible in a fixed-width font.
> 
> The server has a single network card, eth1.  It connects to a local 
> network running on a private subnet.
> 
> I have a modem which provides bridging internet access, the server 
> connects using ppp.  The actual traffic passes through eth1.
> 
> Eth1 is bridged in br0 providing access for VMs running on the server 
> using tap devices.
> 
> The server has a static ip address on br0, it runs a dhcp server that 
> controls the rest of the network.
> 
> All of the above works correctly.
> 
> 
> What does NOT work correctly is NAT.  I want to route all the traffic 
> from the LAN and VMs out ppp0 through a NAT system.
> 
> NAT will work without the bridging but I can't get both to work at the 
> same time.
> 
> 
> Honestly I don't really understand the networking stack in Linux 
> particularly when it gets this complex.  The information I've found 
> online talks about multiple NAT hook points including in the routing 
> layer with iptables and the bridging layer with ebtables.  I've tried a 
> number of different approaches and nothing has so far worked.
> 
> Can anyone help detangle this mess for me and guide me on the correct 
> incantations to make it work?
> 
> 
> David


