* SNAT kills local stuff?
@ 2003-07-14 18:29 David Busby
From: David Busby @ 2003-07-14 18:29 UTC (permalink / raw)
To: netfilter
List,
Perhaps I'm missing something: when I enable SNAT, it seems I can no longer
resolve names on my machine or make outbound connections.
My Setup:
[ Local (10./24) ] <-> [ netfilter ] <-> [ Internet ]
So I set up iptables like this:
root@repono:/etc# iptables -t filter -L
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain
ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
LOG        all  --  anywhere             anywhere            LOG level warning

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
root@repono:/etc
Everything is OK; the LAN can resolve names and such.
Now I add:
iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to $EXTERNAL_IP
And it all works. This command:
iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -j SNAT --to $EXTERNAL_IP
Doesn't work. The LAN is fine, but the local box cannot connect out.
What is so different about those two commands?
David Busby
Systems Engineer
busby@pnts.com
* Re: SNAT kills local stuff?
@ 2003-07-14 20:07 Willi Mann
From: Willi Mann @ 2003-07-14 20:07 UTC (permalink / raw)
To: netfilter, busby
Please tell us what you mean by "connect out". Do you mean connections
to any other host or do you mean connections to hosts outside your LAN?
My guess is that the problem occurs because all packets go through the
POSTROUTING chain, not only packets that will go to the Internet. That's
why most examples use (only) -o.
I'd suggest analyzing your IP traffic with ethereal.
WM
* RE: SNAT kills local stuff?
@ 2003-07-14 22:00 George Vieira
From: George Vieira @ 2003-07-14 22:00 UTC (permalink / raw)
To: David Busby, netfilter
"iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -j SNAT --to $EXTERNAL_IP"
Probably because you ignore the -o eth1 on the second line.
Thanks,
____________________________________________
George Vieira
Systems Manager
georgev@citadelcomputer.com.au
Citadel Computer Systems Pty Ltd
http://www.citadelcomputer.com.au
Phone : +61 2 9955 2644
HelpDesk: +61 2 9955 2698
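The point raised in the two replies (POSTROUTING sees every packet leaving the box, so a rule with only -s also catches the router's own packets, while -o restricts the rule to one output interface) can be checked with a small model of the two matches. This is an added illustration, not netfilter code or anything from the thread: it models only the -s CIDR match and the -o interface match, not conntrack or the reply path. The interface names (eth0 on the LAN, eth1 to the Internet), the router's LAN address 10.0.0.1, the resolver 10.0.0.53, the second subnet 192.168.1.0/24 and the value of EXTERNAL_IP are assumptions, and the sample packets are constructed.

```python
"""Which packets does a POSTROUTING SNAT rule rewrite?

Added illustration for the thread above; it is not netfilter code and
models only the two match criteria under discussion: the -s source CIDR
and the -o output interface.  POSTROUTING is traversed by every packet
leaving the box, forwarded or locally generated, so a rule is applied to
whatever those two matches select.  The addresses, interface names and
EXTERNAL_IP below are assumptions for the walk-through.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional

EXTERNAL_IP = "203.0.113.7"  # stands in for $EXTERNAL_IP (assumed, documentation range)


@dataclass(frozen=True)
class Packet:
    name: str
    src: str
    dst: str
    out_iface: str  # interface routing picked; POSTROUTING runs after that decision


@dataclass(frozen=True)
class SnatRule:
    name: str
    to: str                           # --to address
    src_net: Optional[str] = None     # -s CIDR, None when the match is absent
    out_iface: Optional[str] = None   # -o interface, None when the match is absent

    def matches(self, pkt: Packet) -> bool:
        """An absent match is a wildcard: it constrains nothing."""
        if self.src_net is not None and ip_address(pkt.src) not in ip_network(self.src_net):
            return False
        if self.out_iface is not None and pkt.out_iface != self.out_iface:
            return False
        return True

    def source_after(self, pkt: Packet) -> str:
        """Source address the packet leaves with once this rule has been consulted."""
        return self.to if self.matches(pkt) else pkt.src

    def as_iptables(self) -> str:
        """The iptables command line this rule corresponds to."""
        parts = ["iptables -t nat -A POSTROUTING"]
        if self.src_net is not None:
            parts.append(f"-s {self.src_net}")
        if self.out_iface is not None:
            parts.append(f"-o {self.out_iface}")
        parts.append(f"-j SNAT --to {self.to}")
        return " ".join(parts)


# Constructed sample traffic for the setup in the thread: eth0 faces the 10.0.0.0/24 LAN
# (router address 10.0.0.1 assumed), eth1 faces the Internet with EXTERNAL_IP.
PACKETS: List[Packet] = [
    Packet("lan-host-to-internet", "10.0.0.5", "198.51.100.20", "eth1"),          # forwarded
    Packet("router-dns-to-lan-resolver", "10.0.0.1", "10.0.0.53", "eth0"),        # locally generated, stays on the LAN
    Packet("router-to-internet", EXTERNAL_IP, "198.51.100.20", "eth1"),           # locally generated
    Packet("second-subnet-to-internet", "192.168.1.9", "198.51.100.20", "eth1"),  # forwarded, not in 10.0.0.0/24
]

RULES: Dict[str, SnatRule] = {
    "o_only": SnatRule("o_only", EXTERNAL_IP, out_iface="eth1"),                        # the rule that worked
    "s_only": SnatRule("s_only", EXTERNAL_IP, src_net="10.0.0.0/24"),                  # the rule that broke the box
    "both":   SnatRule("both", EXTERNAL_IP, src_net="10.0.0.0/24", out_iface="eth1"),  # only LAN traffic leaving eth1
}


def rewritten_by(rule: SnatRule, packets: List[Packet]) -> List[str]:
    """Names of the packets whose source address this rule rewrites."""
    return [p.name for p in packets if rule.matches(p)]


if __name__ == "__main__":
    for rule in RULES.values():
        print(rule.as_iptables())
        for p in PACKETS:
            print(f"  {p.name:<28} {p.src:>15} via {p.out_iface} -> {rule.source_after(p)}")
```

Running it shows the -s-only rule rewriting the router's own query to the LAN resolver even though that packet leaves on eth0, which is the behaviour Willi Mann's guess describes, while the -o-only rule leaves that packet alone but also rewrites everything else exiting eth1 (the router's own connections and the second subnet). Specifying both -s and -o, as George Vieira's reply implies, limits the rewrite to LAN traffic that actually leaves towards the Internet.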