* ROUTE + SNAT Problem
From: tonton19 @ 2004-02-04 16:13 UTC (permalink / raw)
To: netfilter
I've got a very strange problem using ROUTE and SNAT targets.
First, I type these two rules:
# iptables -t nat -A PREROUTING -d 20.1.0.1 -p tcp --dport 80 -j DNAT --to-destination 173.20.0.210
# iptables -t nat -A POSTROUTING -d 173.20.0.210 -p tcp --dport 80 -j SNAT --to-source 20.1.0.2
Everything works, all is OK: each packet which matches the first rule matches the second too. But when I declare the following rule:
# iptables -t mangle -A POSTROUTING -d 173.20.0.210 -p tcp --dport 80 -j ROUTE --oif eth0
the second rule (with SNAT target) no longer works!!! I can see with iptables -t nat --list --verbose that no packet matches the second rule. On the other hand, the third rule (with ROUTE target) works well. So, please help me! What's the problem? Is there an incompatibility between the ROUTE and SNAT targets? Or are my rules not good?
Thank you for your help
Gwen
* Re: ROUTE + SNAT Problem
From: Cedric Blancher @ 2004-02-04 17:01 UTC (permalink / raw)
To: tonton19; +Cc: netfilter
On Wed 04/02/2004 at 17:13, tonton19 wrote:
> everything works, all is ok, each packet which matches with the first
> rule, matches with the second too. But, when I declare the following
> rule :
> # iptables -t mangle -A POSTROUTING -d 173.20.0.210 -p tcp --dport 80
> -j ROUTE --oif eth0
> the second rule (with SNAT target) no longer works!!! I can see with
> iptables -t nat --list --verbose that no packet matches the second
> rule. On the other hand, the third rule (with ROUTE target) works
> well. So, please help me! What's the problem? Is there an
> incompatibility between the ROUTE and SNAT targets? Or are my rules not
> good?
As far as I can remember, use of the ROUTE target stops the NF_IP_POST_ROUTING
traversal to send the packet directly. As the mangle table comes before the nat one,
the SNAT rules are then not evaluated.
You should have a look at the very latest patch-o-matic (maybe still CVS),
where the ROUTE target includes a special option to continue hook traversal.
See:
http://cvs.netfilter.org/netfilter/patch-o-matic/extra/ROUTE.patch
"Updated version with new option to continue rule-traversal
(Cedric de Launois)"
--
http://www.netexit.com/~sid/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
>> Hi! I'm your friendly neighbourhood signature virus.
>> Copy me to your signature file and help me spread!
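An added example, not part of either message: a small Python check for the situation described in this thread, run over the thread's three rules rewritten in iptables-save form (constructed input). It assumes the option to continue traversal is spelled `--continue`, compares only exact `-s/-d/-p/--sport/--dport` values, and uses hypothetical function names.

```python
import shlex

# Constructed input: the three rules from the thread, in iptables-save form.
RULESET = """\
*nat
-A PREROUTING -d 20.1.0.1 -p tcp --dport 80 -j DNAT --to-destination 173.20.0.210
-A POSTROUTING -d 173.20.0.210 -p tcp --dport 80 -j SNAT --to-source 20.1.0.2
*mangle
-A POSTROUTING -d 173.20.0.210 -p tcp --dport 80 -j ROUTE --oif eth0
"""

MATCH_KEYS = ("-s", "-d", "-p", "--sport", "--dport")


def parse(ruleset):
    """Yield one dict per -A rule: table, chain, target, matches, target args."""
    table = None
    for line in ruleset.splitlines():
        line = line.strip()
        if line.startswith("*"):          # table marker, e.g. "*nat"
            table = line[1:]
        elif line.startswith("-A "):
            tok = shlex.split(line)
            j = tok.index("-j")
            opts = dict(zip(tok[2:j:2], tok[3:j:2]))  # option/value pairs before -j
            yield {"table": table, "chain": tok[1], "target": tok[j + 1],
                   "match": {k: opts[k] for k in MATCH_KEYS if k in opts},
                   "args": tok[j + 2:], "text": line}


def shadowed_nat_rules(ruleset):
    """Return (route_rule, nat_rule) pairs where a terminating ROUTE rule in
    mangle POSTROUTING (evaluated before nat) matches the same traffic as a
    nat POSTROUTING rule, so the nat rule is never reached."""
    rules = list(parse(ruleset))
    routes = [r for r in rules
              if (r["table"], r["chain"], r["target"]) == ("mangle", "POSTROUTING", "ROUTE")
              and "--continue" not in r["args"]]   # assumed option name
    nats = [r for r in rules if r["table"] == "nat" and r["chain"] == "POSTROUTING"]
    # Simplification: the ROUTE rule covers a nat rule when every match option
    # it specifies appears with the same value in the nat rule.
    return [(m["text"], n["text"]) for m in routes for n in nats
            if all(n["match"].get(k) == v for k, v in m["match"].items())]


if __name__ == "__main__":
    for route_rule, nat_rule in shadowed_nat_rules(RULESET):
        print("never reached:", nat_rule, "\n  because of:  ", route_rule)
```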