[ale] iptables SNAT problem

JK jknapka at kneuro.net
Wed Apr 9 15:29:41 EDT 2008


I am having this same problem again, and I'm just as baffled.
Flushing and restoring the iptables rules isn't helping this
time.

It appears that some packets are leaving the firewall box
without traversing the POSTROUTING chain.  WTF?  I think
I need to spend some time on lartc.org this afternoon :-(

-- JK

JK wrote:
> This is driving me nuts.
> 
> I have a device that is sending UDP packets from IP
> address 128.2.1.125, thru my firewall, and out the
> firewall's eth2 to port 7777 at IP 192.168.1.10.  What
> I want is to SNAT those packets so that the receiver
> sees them as coming from 128.1.110.104. So on the firewall
> box I do:
> 
> iptables -t nat -I POSTROUTING -o eth2 -s 128.2.1.125 -j SNAT --to-source 128.1.110.104
> 
> This rule never fires.  (A similar rule with the "-j SNAT..."
> replaced with "-j LOG" also never fires.) I can run a tcpdump
> on eth2 and see these **(&%^$ packets leaving with source address
> 128.2.1.125. I know I had this working before, but I have no idea
> how, and I can't really afford to pull out any more of my precious,
> precious hair.  Google has not answered this question; it's dead
> to me now.  Help?
> 
> Thx,
> 
> -- JK
> 
> PS: AAAAAAAAAARGH!!!!!
> 


-- 
I do not particularly want to go where the money is -
  it usually does not smell nice there. -- A. Stepanov
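The following is an added diagnostic example; it is not from the thread and not one of JK's commands. The nat table is consulted only for the first packet of each connection-tracking entry, so a SNAT rule inserted while a UDP flow is already tracked will keep a zero packet counter even though the packets are leaving the box. Reading the per-rule counters of the POSTROUTING chain is therefore the first check to make. The script parses a listing in the format of `iptables -t nat -L POSTROUTING -v -n` and prints the SNAT/LOG rules that have never matched; the listing embedded here is constructed sample output that reuses the addresses from the thread, and on a live box the real command output would be piped into `zero_hit_rules` instead.

```shell
#!/bin/sh
# Added example (not from the thread): find nat POSTROUTING rules that
# have never matched a packet.
#
# CONSTRUCTED sample output in the layout of
#   iptables -t nat -L POSTROUTING -v -n
# The addresses are the ones from the thread; the counters are made up.
SAMPLE_LISTING='Chain POSTROUTING (policy ACCEPT 1532 packets, 120K bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 SNAT       all  --  *      eth2    128.2.1.125          0.0.0.0/0            to:128.1.110.104
    0     0 LOG        all  --  *      eth2    128.2.1.125          0.0.0.0/0            LOG flags 0 level 4
  418 31350 MASQUERADE all  --  *      eth0    192.168.0.0/24       0.0.0.0/0'

# zero_hit_rules: read a verbose chain listing on stdin and print
# "<rule-number> <target> <source>" for every rule whose pkts column is 0.
# Line 1 is the chain header and line 2 the column header, so rule N is
# on line N+2. Columns with -v -n: pkts bytes target prot opt in out src dst.
zero_hit_rules() {
    awk 'NR > 2 && $1 == 0 { printf "%d %s %s\n", NR - 2, $3, $8 }'
}

# Stand-alone run against the constructed listing. On a real firewall:
#   iptables -t nat -L POSTROUTING -v -n | zero_hit_rules
printf '%s\n' "$SAMPLE_LISTING" | zero_hit_rules
```

A rule that still shows zero hits after traffic has flowed through eth2 means the packets never reached it in the nat table; for an already-tracked UDP flow, `conntrack -L` (from conntrack-tools) shows whether an entry for the source address already exists, which would explain why a freshly inserted SNAT rule is skipped.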