Re: Modifying Source Ip on input/prerouting

[Stephane Jourdois <netfilter@rubis.org>]

On Wed, Dec 11, 2002 at 04:02:07PM +0100, Andrea Rossato wrote:
> Stephane Jourdois wrote:
> >I would need to be able to modify the source ip on input GRE paquets.
> >This is because I'm trying to setup a pptp tunnel, via a router that
> >doesn't NAT correctly the GRE.
> >The client receives GRE, but replies with it's own local ip, then my
> >server cannot receive the answers... If I could just change the source
> >ip on those paquets, that would be perfect...
> 
> i don't know if I've got your problem correctly, also because I don't 
> know pptp too much (so, shut up, you'll say...;)
no, no, I won't ;-)

> if you want to match gre packets and change their source address (not 
> the source addr. of encapsulated packets) you should be able with
> iptables -A POSTROUTING -t nat -p gre -j SNAT --to-source 
> new-grepacket-source-addr
> this will match all outgoing (from the client) traffic using gre protocol.
The problem is that I wan't to change the incoming traffic...
What I would need is something similar to :
	-A PREROUTING -j SNAT --from-source xxx

> but is this what you need?
> where are the tunnel end points? the router has two tunnels connecting 
> the server and the client? the tunnel is between the router and the server?
The server is My linux machine, on which I wan't to modify the GRE
traffic, because I don't have access to the gateway of the client (a
windows 2k, but that doesn't matter).

> Instead, if you want to change source address of encasplulated packets, 
> that would be interesting...
mmm No, they are not. Well, they are over IP ;-)

Thanks for your help, anyway.

-- 
 ///  Stephane Jourdois        	/"\  ASCII RIBBON CAMPAIGN \\\
(((    Ingénieur développement 	\ /    AGAINST HTML MAIL    )))
 \\\   6, av. George V	         X                         ///
  \\\  75008  Paris             / \    +33 6 8643 3085    ///