[VLAN] NAT - VLAN - Route - Problem
Jeremy SALMON
jeremy.salmon at openlab.ma
Fri May 11 06:13:47 PDT 2007
Hi,
I'm completly lost with vlan and route configuration on my debian.
This is my architecture :
eth1.401 eth1.2338 eth2
Voice Vlan Public IP Local Network
10.150.11.90 84.16.x.x 192.168.1.1
255.255.255.240 255.255.255.128 255.255.255.0
| | |
BOX
In this box I use :
- NAT to allow the eth2 client connect to Internet from 84.16.x.x
- Asterisk. Phones are in the eth2 network, SIP provider are in
eth1.401
No default gateway in network card.
A simple script to create route and allow NAT and other things...
============= SCRIPT ==================
# Activate IP Forward
echo 1 > /proc/sys/net/ipv4/ip_forward
# Init Iptables
iptables -F
iptables -t nat -F
# NAT
iptables -t nat -A POSTROUTING -o eth0.2338 -s 192.168.1.0/24 -d!
10.0.0.0/8 -j SNAT --to 84.16.x.x
# Add route for Internet Traffic
route add default gw 84.16.x.x
# Add route for my SIP provider. Route all traffic to 10.0.0.0
route add -net 10.0.0.0 netmask 255.0.0.0 gw 10.150.11.1
============= END OF SCRIPT ============
I have a sip phone 192.168.1.200 gateway 192.168.1.1
I have my notebook 192.168.1.100 gateway 192.168.1.1
When I only ping external IP (for example 212.217.0.1) from my
laptop, everything is ok. eth1.2338 is in use
When I only make a call through SIP provider 10.x.x.x everything is
ok. eth1.401 is in use
So it seem route are working....
But for example when I make a call and during this call I ping
212.217.0.1 ping lose 95% of packet. And immediately after hangup the
phone, ping start to work ok....
In IPTRAF I see all the ICMP packet sent throught eth1.2338, and all
the udp phone traffic sent through eth1.401.
But it seem ping don't receive the response, or response arrive to
the eth1.401....
When I ping 212.217.0.1, and during the ping make a call, all the
incoming udp traffic is lost...
Someone can help me with this configuration ? I'm completely lost.....
Thanks in advance,
Jeremy
More information about the Vlan
mailing list