* Problem with NAT rule
@ 2010-07-24 13:41 Pete Kay
2010-07-24 13:51 ` Jan Engelhardt
2010-07-24 16:13 ` Pieter Smit
0 siblings, 2 replies; 6+ messages in thread
From: Pete Kay @ 2010-07-24 13:41 UTC (permalink / raw)
To: netfilter
Hi,
I would like to setup my iptable rules to forward udp packet from one
device to another:
192.168.1.100:16385 <---------> 192.168.1.114:29848 :: 192.168.1.200
:29850 <----------> 192.168.1.300:10112
What I want to do is forward all packets from 192.168.1.100:16385 to
192.168.1.300:10112 and all packets from 192.168.1.300:10112 to
192.168.1.100:16385
Here is my iptables rule:
Building chain index
Number of user defined chains:0 bucket_sz:40 array_sz:0
iptc_first_chain: : returning `PREROUTING'
iptc_get_policy: called for chain PREROUTING
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
iptc_first_rule: first rule(PREROUTING): 0xc02ac0
WARNING: handle->chain_index_sz == 0
DNAT udp -- 192.168.1.100 anywhere udp
spt:16385 to:192.168.1.300:10112
iptc_next_rule: rule_iterator_cur=0xc02d00...next=0xc02e20,
head=0xc02a90...returning rule 0xc02e20
WARNING: handle->chain_index_sz == 0
DNAT udp -- 192.168.1.300 anywhere udp
spt:10112 to:192.168.1.100:16385
iptc_next_rule: rule_iterator_cur=0xc02e20...next=0xc02a90,
head=0xc02a90...finished, returning NULL
iptc_next_chain: : returning `POSTROUTING'
iptc_get_policy: called for chain POSTROUTING
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
iptc_first_rule: first rule(POSTROUTING): 0xc030b0
WARNING: handle->chain_index_sz == 0
SNAT udp -- 192.168.1.100 anywhere udp
spt:16385 to:192.168.1.200:29848
iptc_next_rule: rule_iterator_cur=0xc032f0...next=0xc03410,
head=0xc03080...returning rule 0xc03410
WARNING: handle->chain_index_sz == 0
SNAT udp -- 192.168.1.300 anywhere udp
spt:10112 to:192.168.1.200:29850
iptc_next_rule: rule_iterator_cur=0xc03410...next=0xc03080,
head=0xc03080...finished, returning NULL
iptc_next_chain: : returning `OUTPUT'
iptc_get_policy: called for chain OUTPUT
===========
When I send packet from the two devices, I am just getting packets
going into 192.168.1.200 instead of any packet going out:
20:57:57.765252 IP 192.168.1.300:10112 > 192.168.1.200 :29850: udp/rtp
160 c0 11386 1869684
20:57:57.784333 IP 192.168.1.100:16385 > 192.168.1.200 :29848: udp/rtp
240 c0 17019 125650088
20:57:57.785250 IP 192.168.1.300:10112 > 192.168.1.200 :29850: udp/rtp
160 c0 11387 1869844
20:57:57.805246 IP 192.168.1.300:10112 > 192.168.1.200 :29850: udp/rtp
160 c0 11388 1870004
20:57:57.815415 IP 192.168.1.100:16385 > 192.168.1.200 :29848: udp/rtp
240 c0 17020 125650328
20:57:57.825249 IP 192.168.1.300:10112 > 192.168.1.200 :29850: udp/rtp
160 c0 11389 1870164
20:57:57.843951 IP 192.168.1.100:16385 > 192.168.1.200 :29848: udp/rtp
240 c0 17021 125650568
20:57:57.845247 IP 192.168.1.300:10112 > 192.168.1.200 :29850: udp/rtp
160 c0 11390 1870324
20:57:57.865242 IP 192.168.1.300:10112 > 192.168.1.200 :29850: udp/rtp
160 c0 11391 1870484
20:57:57.874332 IP 192.168.1.100:16385 > 192.168.1.200 :29848: udp/rtp
240 c0 17022 125650808
20:57:57.885242 IP 192.168.1.300:10112 > 192.168.1.200 :29850: udp/rtp
160 c0 11392 1870644
20:57:57.903563 IP 192.168.1.100:16385 > 192.168.1.200 :29848: udp/rtp
240 c0 17023 125651048
20:57:57.905242 IP 192.168.1.300:10112 > 192.168.1.200 :29850: udp/rtp
160 c0 11393 1870804
20:57:57.925240 IP 192.168.1.300:10112 > 192.168.1.200 :29850: udp/rtp
160 c0 11394 1870964
20:57:57.935888 IP 192.168.1.100:16385 > 192.168.1.200 :29848: udp/rtp
240 c0 17024 125651288
20:57:57.945240 IP 192.168.1.300:10112 > 192.168.1.200 :29850: udp/rtp
160 c0 11395 1871124
20:57:57.964250 IP 192.168.1.100:16385 > 192.168.1.200 :29848: udp/rtp
240 c0 17025 125651528
20:57:57.965238 IP 192.168.1.300:10112 > 192.168.1.200 :29850: udp/rtp
160 c0 11396 1871284
20:57:57.985233 IP 192.168.1.300:10112 > 192.168.1.200 :29850: udp/rtp
160 c0 11397 1871444
Can someone please help me to put out the problem in my iptable rules?
thanks,
P
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: Problem with NAT rule
2010-07-24 13:41 Problem with NAT rule Pete Kay
@ 2010-07-24 13:51 ` Jan Engelhardt
2010-07-24 14:09 ` Pete Kay
2010-07-24 16:13 ` Pieter Smit
1 sibling, 1 reply; 6+ messages in thread
From: Jan Engelhardt @ 2010-07-24 13:51 UTC (permalink / raw)
To: Pete Kay; +Cc: netfilter
On Saturday 2010-07-24 15:41, Pete Kay wrote:
>Hi,
>
>I would like to setup my iptable rules to forward udp packet from one
>device to another:
>
>192.168.1.100:16385 <---------> 192.168.1.114:29848 :: 192.168.1.200
>:29850 <----------> 192.168.1.300:10112
>
>What I want to do is forward all packets from 192.168.1.100:16385 to
>192.168.1.300:10112 and all packets from 192.168.1.300:10112 to
>192.168.1.100:16385
>
>Here is my iptables rule:
Routing does forwarding; nf_nat does NAT, those are two separate things.
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: Problem with NAT rule
2010-07-24 13:51 ` Jan Engelhardt
@ 2010-07-24 14:09 ` Pete Kay
2010-07-24 16:29 ` ZHOU Xiaobo
0 siblings, 1 reply; 6+ messages in thread
From: Pete Kay @ 2010-07-24 14:09 UTC (permalink / raw)
To: Jan Engelhardt; +Cc: netfilter
Hi Jan,
Sorry I am new to iptables setup. Could you give me some insight as
to how I can configure iptables to achieve the packet forwarding
function?
thanks,
P
On Sat, Jul 24, 2010 at 9:51 PM, Jan Engelhardt <jengelh@medozas.de> wrote:
> On Saturday 2010-07-24 15:41, Pete Kay wrote:
>
>>Hi,
>>
>>I would like to setup my iptable rules to forward udp packet from one
>>device to another:
>>
>>192.168.1.100:16385 <---------> 192.168.1.114:29848 :: 192.168.1.200
>>:29850 <----------> 192.168.1.300:10112
>>
>>What I want to do is forward all packets from 192.168.1.100:16385 to
>>192.168.1.300:10112 and all packets from 192.168.1.300:10112 to
>>192.168.1.100:16385
>>
>>Here is my iptables rule:
>
>
> Routing does forwarding; nf_nat does NAT, those are two separate things.
>
>
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: Problem with NAT rule
2010-07-24 14:09 ` Pete Kay
@ 2010-07-24 16:29 ` ZHOU Xiaobo
0 siblings, 0 replies; 6+ messages in thread
From: ZHOU Xiaobo @ 2010-07-24 16:29 UTC (permalink / raw)
To: netfilter
I think you should use IPROUTE2 instead of IPTABLES.
----- Original Message -----
From: "Pete Kay" <petedao@gmail.com>
To: "Jan Engelhardt" <jengelh@medozas.de>
Cc: netfilter@vger.kernel.org
Sent: 2010年 7 月 24日, 星期六 下午 10:09:46 GMT +08:00 Beijing / Chongqing / Hong Kong / Urumqi
Subject: Re: Problem with NAT rule
Hi Jan,
Sorry I am new to iptables setup. Could you give me some insight as
to how I can configure iptables to achieve the packet forwarding
function?
thanks,
P
On Sat, Jul 24, 2010 at 9:51 PM, Jan Engelhardt <jengelh@medozas.de> wrote:
> On Saturday 2010-07-24 15:41, Pete Kay wrote:
>
>>Hi,
>>
>>I would like to setup my iptable rules to forward udp packet from one
>>device to another:
>>
>>192.168.1.100:16385 <---------> 192.168.1.114:29848 :: 192.168.1.200
>>:29850 <----------> 192.168.1.300:10112
>>
>>What I want to do is forward all packets from 192.168.1.100:16385 to
>>192.168.1.300:10112 and all packets from 192.168.1.300:10112 to
>>192.168.1.100:16385
>>
>>Here is my iptables rule:
>
>
> Routing does forwarding; nf_nat does NAT, those are two separate things.
>
>
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: Problem with NAT rule
2010-07-24 13:41 Problem with NAT rule Pete Kay
2010-07-24 13:51 ` Jan Engelhardt
@ 2010-07-24 16:13 ` Pieter Smit
2010-07-25 8:38 ` Pete Kay
1 sibling, 1 reply; 6+ messages in thread
From: Pieter Smit @ 2010-07-24 16:13 UTC (permalink / raw)
To: Pete Kay; +Cc: netfilter
A couple of questions.
1. You have 3 devices, with the FW with two interfaces 192.168.1.114
and 192.168.1.200 in each subnet ?
2. The two outside hosts will connect to udp ports on the FW device
that will be translated to the other device ?
3. Is the udp streams in one direction ? Does it matter to the udp
receiver where the packet comes from or will it always send return
traffic to the FW ip ?
Cheers,
Pieter
On Sat, Jul 24, 2010 at 3:41 PM, Pete Kay <petedao@gmail.com> wrote:
> Hi,
>
> I would like to setup my iptable rules to forward udp packet from one
> device to another:
>
> 192.168.1.100:16385 <---------> 192.168.1.114:29848 :: 192.168.1.200
> :29850 <----------> 192.168.1.300:10112
>
> What I want to do is forward all packets from 192.168.1.100:16385 to
> 192.168.1.300:10112 and all packets from 192.168.1.300:10112 to
> 192.168.1.100:16385
>
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: Problem with NAT rule
2010-07-24 16:13 ` Pieter Smit
@ 2010-07-25 8:38 ` Pete Kay
0 siblings, 0 replies; 6+ messages in thread
From: Pete Kay @ 2010-07-25 8:38 UTC (permalink / raw)
To: Pieter Smit; +Cc: netfilter
On Sun, Jul 25, 2010 at 12:13 AM, Pieter Smit <mlist2010@vigor.co.za> wrote:
> A couple of questions.
>
> 1. You have 3 devices, with the FW with two interfaces 192.168.1.114
> and 192.168.1.200 in each subnet ?
>
Hi, The FW device only has one interface and it should all be
192.168.1.200. It was a typo. The redirector should only have one
interface with ip 192.168.1.200.
> 2. The two outside hosts will connect to udp ports on the FW device
> that will be translated to the other device ?
yes
>
> 3. Is the udp streams in one direction ? Does it matter to the udp
> receiver where the packet comes from or will it always send return
> traffic to the FW ip ?
>
Yes, the udp is for both direction. The FW ip ( 192.168.1.200) should
just redirect packets from one to another and vice versa.
> Cheers,
> Pieter
>
> On Sat, Jul 24, 2010 at 3:41 PM, Pete Kay <petedao@gmail.com> wrote:
>> Hi,
>>
>> I would like to setup my iptable rules to forward udp packet from one
>> device to another:
>>
>> 192.168.1.100:16385 <---------> 192.168.1.114:29848 :: 192.168.1.200
>> :29850 <----------> 192.168.1.300:10112
>>
>> What I want to do is forward all packets from 192.168.1.100:16385 to
>> 192.168.1.300:10112 and all packets from 192.168.1.300:10112 to
>> 192.168.1.100:16385
>>
>
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2010-07-25 8:38 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-07-24 13:41 Problem with NAT rule Pete Kay
2010-07-24 13:51 ` Jan Engelhardt
2010-07-24 14:09 ` Pete Kay
2010-07-24 16:29 ` ZHOU Xiaobo
2010-07-24 16:13 ` Pieter Smit
2010-07-25 8:38 ` Pete Kay
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.