[ale] iptables SNAT problem

Jerry Yu jjj863 at gmail.com
Wed Apr 9 22:13:54 EDT 2008


Can you post the complete ruleset (iptables -vL -n && iptables -t nat -vL -n) + routing table on the firewall box?



On Wed, Apr 9, 2008 at 3:29 PM, JK <jknapka at kneuro.net> wrote:

> I am having this same problem again, and I'm just as baffled.
> Flushing and restoring the iptables rules isn't helping this
> time.
>
> It appears that some packets are leaving the firewall box
> without traversing the POSTROUTING chain.  WTF?  I think
> I need to spend some time on lartc.org this afternoon :-(
>
> -- JK
>
> JK wrote:
> > This is driving me nuts.
> >
> > I have a device that is sending UDP packets from IP
> > address 128.2.1.125, thru my firewall, and out the
> > firewall's eth2 to port 7777 at IP 192.168.1.10.  What
> > I want is to SNAT those packets so that the receiver
> > sees them as coming from 128.1.110.104. So on the firewall
> > box I do:
> >
> > iptables -t nat -I POSTROUTING -o eth2 -s 128.2.1.125 -j SNAT --to-source 128.1.110.104
> >
> > This rule never fires.  (A similar rule with the "-j SNAT..."
> > replaced with "-j LOG" also never fires.) I can run a tcpdump
> > on eth2 and see these **(&%^$ packets leaving with source address
> > 128.2.1.125. I know I had this working before, but I have no idea
> > how, and I can't really afford to pull out any more of my precious,
> > precious hair.  Google has not answered this question; it's dead
> > to me now.  Help?
> >
> > Thx,
> >
> > -- JK
> >
> > PS: AAAAAAAAAARGH!!!!!
> >
>
>
> --
> I do not particularly want to go where the money is -
>  it usually does not smell nice there. -- A. Stepanov
>
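
An added diagnostic example, not part of the thread and not posted by either participant. The nat table is consulted only for the first packet of a tracked connection, so alongside the rule and routing dump requested above it is worth ruling out a conntrack entry for the UDP flow that predates the SNAT rule. The function names are hypothetical and the sample lines are constructed in `conntrack -L` format.

```shell
#!/bin/sh
# Added example: constructed sample data, hypothetical function names.

# unnatted_flows ORIG_SRC SNAT_ADDR
# Reads `conntrack -L` style lines on stdin. Prints entries whose
# original-direction source is ORIG_SRC but whose reply-direction destination
# is not SNAT_ADDR, i.e. flows being tracked without the SNAT mapping.
unnatted_flows() {
    awk -v src="$1" -v nat="$2" '
    {
        osrc = ""; rdst = ""; nsrc = 0; ndst = 0
        for (i = 1; i <= NF; i++) {
            # The first src= field belongs to the original tuple.
            if (($i ~ /^src=/) && (++nsrc == 1)) osrc = substr($i, 5)
            # The second dst= field belongs to the reply tuple.
            if (($i ~ /^dst=/) && (++ndst == 2)) rdst = substr($i, 5)
        }
        if (osrc == src && rdst != "" && rdst != nat) print
    }'
}

# Constructed sample: one flow tracked without NAT, one with the SNAT
# mapping in its reply tuple, and one unrelated TCP connection.
sample_conntrack() {
cat <<'EOF'
udp      17 28 src=128.2.1.125 dst=192.168.1.10 sport=4000 dport=7777 [UNREPLIED] src=192.168.1.10 dst=128.2.1.125 sport=7777 dport=4000 mark=0 use=1
udp      17 25 src=128.2.1.125 dst=192.168.1.10 sport=4001 dport=7777 [UNREPLIED] src=192.168.1.10 dst=128.1.110.104 sport=7777 dport=4001 mark=0 use=1
tcp      6 431999 ESTABLISHED src=10.0.0.5 dst=192.168.1.10 sport=51000 dport=22 src=192.168.1.10 dst=10.0.0.5 sport=22 dport=51000 [ASSURED] mark=0 use=1
EOF
}

# Prints only the sport=4000 entry: its reply tuple still points at the
# untranslated address, so packets on that flow never reach nat POSTROUTING.
sample_conntrack | unnatted_flows 128.2.1.125 128.1.110.104
```

On the firewall, pipe `conntrack -L -p udp` into `unnatted_flows` instead of the sample. Entries it prints can be removed with `conntrack -D -s 128.2.1.125` so that the next packet is treated as new and traverses the nat POSTROUTING chain.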