I recently started to play a little bit with iptables and routing and came across the following problem:
I have four servers A, B, C, D with ip_forwarding enabled, and my goal is simply to route ICMP echo requests through the chain while keeping the original IP. Unfortunately, the forwarding is not working properly.
(A = 192.168.0.1 = eth0) <—> (B = 192.168.0.2 = eth0, 192.168.1.2 = eth1) <—> (C = 192.168.1.3 = eth0, 192.168.2.3 = eth1) <—> (D = 192.168.2.4 = eth0)
Further, I have the following routes:
- A: 192.168.2.4 via 192.168.0.2
- B: 192.168.2.4 via 192.168.1.3
- C: –
- D: –
So my intention behind this toy example was that requests are routed through the chain according to the static routes. Of course I know that the ping won't succeed, because D and C do not have routes to A. But my intention was simply to detect the traffic with tcpdump.
In general, I thought that the packets would simply be forwarded by looking up routes in the routing table and would then be sent to the respective destination or gateway. However, without using NAT this does not seem to work. The ICMP requests are received by C on eth0; however, C does not forward them to D.
Of course I could use some MASQUERADE/SNAT on B (I haven't tested it), but I'm quite sure that D will receive the request from B ("instead" of A).
Is it in general possible to perform "multi-hop" routing without using NAT?
Or are there only some iptables FORWARD rules missing which would allow me to do this?
Is there any possibility to debug/look up what iptables does with the packets? Currently, I have only found the LOG target, but to be honest, creating all rules twice is really annoying.
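As an added illustration (not from the question or from any answer to it), here is a small Python model of the A-B-C-D chain that makes the per-hop decisions of plain forwarding visible: route lookup, forwarding with no NAT at all, and the strict reverse-path filter (the Linux sysctl net.ipv4.conf.all.rp_filter=1, the default on many distributions), which drops a packet whose source address has no route back out the interface it arrived on. That rp_filter is what silently eats the requests on C is an assumption to verify on the real box; the addresses and static routes are the ones from the question, while Host, forward and build_chain are names invented for the example.

```python
import ipaddress

class Host:
    """Constructed model of one box: interfaces, static routes and its rp_filter setting."""
    def __init__(self, name, ifaces, routes=(), rp_filter=True):
        self.name, self.ifaces, self.routes, self.rp_filter = name, ifaces, list(routes), rp_filter

    def lookup(self, dst):
        """Route lookup: (out_iface, next_hop) for dst, or None. Connected nets beat statics."""
        dst = ipaddress.ip_address(dst)
        for ifc, cidr in self.ifaces.items():
            if dst in ipaddress.ip_interface(cidr).network:
                return ifc, str(dst)                  # on-link: next hop is the destination itself
        for prefix, gw in self.routes:
            if dst in ipaddress.ip_network(prefix):
                via = self.lookup(gw)                 # resolve the gateway to an interface
                return (via[0], gw) if via else None
        return None

def forward(hosts, src, dst):
    """Walk one packet hop by hop (plain forwarding, no NAT); returns (log, delivered?)."""
    owner = {ipaddress.ip_interface(c).ip.exploded: (h, i)
             for h in hosts for i, c in h.ifaces.items()}
    host, in_if, log = owner[src][0], None, []        # locally generated: no rp_filter test
    while True:
        if any(ipaddress.ip_interface(c).ip.exploded == dst for c in host.ifaces.values()):
            log.append(f"{host.name}: delivered locally")
            return log, True
        if in_if and host.rp_filter:                  # strict reverse path filter on a transit hop
            back = host.lookup(src)
            if back is None or back[0] != in_if:
                log.append(f"{host.name}: rp_filter drop on {in_if}, no route back to {src}")
                return log, False
        route = host.lookup(dst)
        if route is None:
            log.append(f"{host.name}: no route to {dst}")
            return log, False
        log.append(f"{host.name}: forward out {route[0]} to {route[1]}")
        host, in_if = owner[route[1]]

def build_chain(c_rp_filter=True):
    """The A-B-C-D chain with the addresses and static routes from the question."""
    return [Host("A", {"eth0": "192.168.0.1/24"}, [("192.168.2.4/32", "192.168.0.2")]),
            Host("B", {"eth0": "192.168.0.2/24", "eth1": "192.168.1.2/24"}, [("192.168.2.4/32", "192.168.1.3")]),
            Host("C", {"eth0": "192.168.1.3/24", "eth1": "192.168.2.3/24"}, rp_filter=c_rp_filter),
            Host("D", {"eth0": "192.168.2.4/24"})]

if __name__ == "__main__":
    for strict in (True, False):
        print(f"C rp_filter={int(strict)}:", *forward(build_chain(strict), "192.168.0.1", "192.168.2.4")[0], sep="\n  ")
```

On the real hosts, `sysctl net.ipv4.ip_forward net.ipv4.conf.all.rp_filter` shows the two settings this model depends on. For watching what iptables itself does with a packet, the raw table's TRACE target logs every rule a marked packet traverses (to the kernel log, or via `xtables-monitor --trace` on nf_tables-backed iptables) without duplicating the rule set.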