
8. Advanced Networking with Kernel 2.2

Kernel 2.2 has advanced the routing capabilities of Linux quite a bit. Unfortunately the documentation for using these new capabilities is almost impossible to find, even if it does exist.

I have put some time into it and have been able to do a little with it. I will add more as I have time and help to figure out what it all means.

In kernel 2.0 and below Linux used the standard route command to place routes in a single routing table. If you were to type netstat -rn at the Linux prompt you could see an example.

In the newer kernels (2.1 and above) you have another option. This option is rule based and allows you to have multiple routing tables. The new rules allow a great deal of flexibility in deciding how a packet is handled. You can choose between routes based not only on the destination address, but also on the source address, TOS or incoming device. Keep in mind that a rule keyed on the source address trusts a field the sender chose, so a table selected by source address needs the usual anti-spoofing filtering in front of it.

8.1 The Basics

Listing the Routing Table:

ip route

Now on my machine this equates to the following output:

207.149.43.62 dev eth0  scope link
207.149.43.0/24 dev eth0  proto kernel  scope link  src 207.149.43.62
default via 207.149.43.1 dev eth0

The first line:

207.149.43.62 dev eth0 scope link is a host route for the interface's own address, 207.149.43.62.

The second line:

207.149.43.0/24 dev eth0 proto kernel scope link src 207.149.43.62 is the network route: anything destined for 207.149.43.0/24 is directly reachable on eth0 (scope link), and 207.149.43.62 is the preferred source address for packets sent that way (src). The proto kernel tag marks a route the kernel installed itself when the address was configured on eth0.

The third line:

default via 207.149.43.1 dev eth0 is the default route: anything not matched by a more specific route is handed to the gateway 207.149.43.1 over eth0.

Using the information

Now that we have walked through a basic routing table, let's see how we use it. First read the Policy routing text. If you get confused, don't worry -- it is a confusing text. It will give you the run down on everything that the new routing code can do.

8.2 Adding a route with the new ip tools

In the previous section we spoke about listing the routing table and what the basics of that listing meant. Well, luckily the output is very similar to the syntax that you would use to implement that exact routing table on your own.

ip route add 207.149.43.62 dev eth0  scope link
ip route add 207.149.43.0/24 dev eth0 proto kernel scope link src 207.149.43.62
ip route add 127.0.0.0/8 dev lo  scope link
ip route add default via 207.149.43.1 dev eth0

As you can see, the input is almost exactly the output with ip route add prepended to each line. Note that adding the proto kernel line by hand is normally redundant: the kernel installs that route itself when the address is configured on eth0, which is what proto kernel means, and a second add of the same route fails with "File exists".

Note: We are aware that the documentation on Routing with 2.2 is sorely lacking. In fact, I think EVERYONE is aware of it. If you have any experience in this please contact us at poet@linuxports.com; we would like to get any information you have to help further document this.

8.3 Using NAT with Kernel 2.2

The IP Network Address Translation facility is pretty much the standardized big brother of the Linux IP Masquerade facility. It is specified in some detail in RFC-1631 at your nearest RFC archive. NAT provides features that IP-Masquerade does not, which make it much more suitable for use in corporate firewall router designs and larger scale installations.

An alpha implementation of NAT for the Linux 2.0.29 kernel has been developed by Michael Hasenstein, Michael.Hasenstein@informatik.tu-chemnitz.de. Michael's documentation and implementation are available from: Linux IP Network Address Web Page

The much improved TCP/IP stack of the Linux 2.2 kernel has NAT functionality built in. This facility appears to supersede the work by Michael Hasenstein (Michael.Hasenstein@informatik.tu-chemnitz.de).

To get it to work you need a kernel built with CONFIG_IP_ADVANCED_ROUTER, CONFIG_IP_MULTIPLE_TABLES (aka policy routing) and CONFIG_IP_ROUTE_NAT (aka fast NAT) enabled. Also, if you want to use finer grained NAT rules, you may want to turn on firewalling (CONFIG_IP_FIREWALL) and CONFIG_IP_ROUTE_FWMARK. To actually operate these kernel features you will need the "ip" program by Alexey Kuznyetsov from ftp://ftp.inr.ac.ru/ip-routing/.

Incoming datagrams NAT

Now, to translate the addresses of incoming datagrams, the following command is used:

ip route add nat <ext-addr>[/<masklen>] via <int-addr>

This makes an incoming packet destined for "ext-addr" (the address visible from the outside Internet) have its destination address field rewritten to "int-addr" (the address in your internal network, behind your gateway/firewall). The packet is then routed further according to the local routing table. You can translate either single host addresses or complete blocks. Note that this is stateless, address-only translation: it maps addresses one to one and neither tracks connections nor rewrites ports, so it is not a substitute for masquerading a whole network behind a single address. Examples:

ip route add nat 195.113.148.34 via 192.168.0.2
ip route add nat 195.113.148.32/27 via 192.168.0.0

The first command makes the internal address 192.168.0.2 reachable from outside as 195.113.148.34. The second maps the block 195.113.148.32-63 onto 192.168.0.0-31 address for address, so a packet for 195.113.148.50, for instance, is delivered to 192.168.0.18. Either route only rewrites the destination of incoming packets; replies leaving 192.168.0.2 would still carry their private source address unless they are translated in the other direction as well.
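As an added worked example (not code from this HOWTO, and not the kernel's own implementation), the following C program models the lookup and rewrite described in 8.1 and 8.3: longest-prefix match over a table holding the routes shown in this chapter, destination rewrite for a nat route by carrying the host bits of the external address into the internal block, and a second lookup on the rewritten address. The 192.168.0.0/24 route on eth1 is an assumption, since the page never shows the internal interface; the alignment check in nat_map is the example's own and refuses cases the page does not describe rather than guessing what the kernel would do with them.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Two route types are modelled: an ordinary route and a "nat" route,
 * i.e. "ip route add nat <ext-addr>/<len> via <int-addr>". */
enum rtype { RT_UNICAST, RT_NAT };

struct route {
    const char *prefix;   /* destination prefix (ext-addr for nat) */
    int len;              /* prefix length, 0..32                   */
    enum rtype type;
    const char *via;      /* gateway, or int-addr for a nat route   */
    const char *dev;      /* output device (unused for nat routes)  */
};

/* The table from this chapter; the eth1 route is an assumption. */
static const struct route table[] = {
    { "207.149.43.0",   24, RT_UNICAST, NULL,           "eth0" },
    { "192.168.0.0",    24, RT_UNICAST, NULL,           "eth1" }, /* assumed */
    { "195.113.148.34", 32, RT_NAT,     "192.168.0.2",  NULL   },
    { "195.113.148.32", 27, RT_NAT,     "192.168.0.0",  NULL   },
    { "0.0.0.0",         0, RT_UNICAST, "207.149.43.1", "eth0" },
};

static uint32_t ip2u(const char *s)             /* dotted quad -> host-order u32 */
{
    struct in_addr a;
    return inet_pton(AF_INET, s, &a) == 1 ? ntohl(a.s_addr) : 0;
}
static const char *u2ip(uint32_t u, char *buf)  /* buf: INET_ADDRSTRLEN bytes */
{
    struct in_addr a = { .s_addr = htonl(u) };
    return inet_ntop(AF_INET, &a, buf, INET_ADDRSTRLEN);
}
static uint32_t mask(int len) { return len == 0 ? 0 : 0xffffffffu << (32 - len); }

/* Longest-prefix match: the /32 nat entry beats the /27 block, both beat default. */
static const struct route *lookup(uint32_t dst)
{
    const struct route *best = NULL;
    for (size_t i = 0; i < sizeof table / sizeof table[0]; i++) {
        uint32_t m = mask(table[i].len);
        if ((dst & m) == (ip2u(table[i].prefix) & m) &&
            (best == NULL || table[i].len > best->len))
            best = &table[i];
    }
    return best;
}

/* Nat rewrite: the host bits of the external address are carried into the
 * internal block (195.113.148.50 under the /27 rule becomes 192.168.0.18).
 * ext-addr and int-addr must both be aligned to the prefix length; -1 otherwise. */
static int nat_map(const struct route *r, uint32_t dst, uint32_t *out)
{
    uint32_t m = mask(r->len), ext = ip2u(r->prefix), in = ip2u(r->via);
    if ((ext & ~m) != 0 || (in & ~m) != 0) return -1;
    *out = in | (dst & ~m);
    return 0;
}

/* Route one incoming datagram: look up the destination, rewrite it if the route
 * is a nat route, then look the rewritten address up again ("routed further
 * according to the local routing table").  Writes final dst and the verdict. */
static int route_in(const char *dst_s, char *final_dst, char *verdict, size_t n)
{
    uint32_t dst = ip2u(dst_s);
    const struct route *r = lookup(dst);
    if (r == NULL) return -1;
    if (r->type == RT_NAT) {
        if (nat_map(r, dst, &dst) < 0) return -1;
        r = lookup(dst);
        if (r == NULL || r->type == RT_NAT) return -1; /* no double translation */
    }
    u2ip(dst, final_dst);
    if (r->via) snprintf(verdict, n, "via %s dev %s", r->via, r->dev);
    else        snprintf(verdict, n, "dev %s", r->dev);
    return 0;
}

/* True if dst is delivered to want_dst with the given verdict. */
static int routes_to(const char *dst, const char *want_dst, const char *want_verdict)
{
    char d[INET_ADDRSTRLEN], v[64];
    return route_in(dst, d, v, sizeof v) == 0 &&
           strcmp(d, want_dst) == 0 && strcmp(v, want_verdict) == 0;
}

int main(void)
{
    const char *pkts[] = { "195.113.148.34", "195.113.148.50", "207.149.43.7", "1.2.3.4" };
    for (size_t i = 0; i < sizeof pkts / sizeof pkts[0]; i++) {
        char d[INET_ADDRSTRLEN], v[64];
        if (route_in(pkts[i], d, v, sizeof v) == 0)
            printf("%-16s -> %-14s %s\n", pkts[i], d, v);
    }
    return 0;
}
```

Running it shows 195.113.148.34 and 195.113.148.50 being rewritten to 192.168.0.2 and 192.168.0.18 and sent out eth1, while 207.149.43.7 and 1.2.3.4 go out eth0 untouched. The alignment check matters in practice: the page's block example works because 192.168.0.0 has no host bits set within a /27, so the two address ranges line up one to one.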

