Re: Connection failing to SNAT

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Gavin Carr <gavin@openfusion.com.au>
To: netfilter@lists.netfilter.org
Subject: Re: Connection failing to SNAT
Date: Wed, 26 Jan 2005 10:29:43 +1100	[thread overview]
Message-ID: <20050125232943.GA22043@openfusion.com.au> (raw)
In-Reply-To: <20050125111802.GA19384@openfusion.com.au>

On Tue, Jan 25, 2005 at 10:18:02PM +1100, Gavin Carr wrote:
> Added some logging like so:
> 
>   # Log mangle POSTROUTING
>   $IPT -t mangle -A POSTROUTING -o $EXT -j LOG --log-prefix 'MANGLE POST: '
> 
>   # Turn on SNAT
>   $IPT -t nat -A POSTROUTING -o $EXT -j LOG --log-prefix 'POSTROUTING1: '
>   $IPT -t nat -A POSTROUTING -o $EXT -j SNAT --to-source 203.213.47.14
>   $IPT -t nat -A POSTROUTING -o $EXT -j LOG --log-prefix 'POSTROUTING2: '
> 
> and all I see in the logs for the bad connection is the 'MANGLE POST'
> packets - no 'POSTROUTING1' shows up at all. So it looks like the packets
> are just skipping the nat table altogether somehow?

This does seem to be the core problem - packets are being logged in the 
mangle POSTROUTING table, but then not showing up in the nat POSTROUTING 
table. Not all packets, though - just these problem ones. Anyone have
any idea how this can happen? All the diagrams I've seen seem to indicate
that mangle and nat postrouting are strictly sequential?

All suggestions gratefully received.

Cheers,
Gavin

     prev parent reply	other threads:[~2005-01-25 23:29 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2005-01-25 11:18 Connection failing to SNAT Gavin Carr
2005-01-25 12:16 ` George Alexandru Dragoi
2005-01-25 23:29 ` Gavin Carr [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20050125232943.GA22043@openfusion.com.au \
    --to=gavin@openfusion.com.au \
    --cc=netfilter@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.