- # We now need to set up a separate routing table for
- # all traffic we originate and with a destination that is
- # outside of the local private network and route these
- # packets via the NAT-GW
-
-
- # Mark all outgoing packets that have the private address
- # as source address with fwmarker 11
- # We expect that the only time the the source address will be
- # selected as the private address would be when there are
- # no static or public addresses assigned at all to the node.
- # Othervise the routing would have picked a different address.
- #
- # Except for traffic to the ssh daemon, so that it is easier
- # to test in the lab without disrupting the ssh sessions
- iptables -A OUTPUT -t mangle -s $NATGW_PRIVATE_NETWORK -d ! $NATGW_PRIVATE_NETWORK -p tcp --sport 22 -j ACCEPT
- iptables -A OUTPUT -t mangle -s $NATGW_PRIVATE_NETWORK -d ! $NATGW_PRIVATE_NETWORK -j MARK --set-mark 11
-
-
- # create a routing table for the natgw traffic and set it
- # up with both an interface toute for the private network
- # as well as a default route that goes via the NAT-GW
- ip route add $NATGW_PRIVATE_NETWORK dev $NATGW_PRIVATE_IFACE table 11
- ip route add 0.0.0.0/0 via $FIRSTIP dev $NATGW_PRIVATE_IFACE table 11 >/dev/null 2>/dev/null
-
- # Create a rule to use routing table 11 for these packets
- ip rule add fwmark 11 table 11
+ # Assign the public ip to the private interface and make
+ # sure we dont respond to ARPs.
+ # We do this so that the ip address will exist on a
+ # non-loopback interface so that samba may send it along in the
+ # KDC requests.
+ ip addr add $NATGW_PUBLIC_IP_HOST dev $NATGW_PRIVATE_IFACE
+ ip route add 0.0.0.0/0 via $FIRSTIP metric 10