From: Brian Capouch <brianc@palaver.net>
To: netfilter@lists.netfilter.org
Subject: SNAT: I'm going insane
Date: Sat, 31 Jan 2004 02:04:54 -0500
Message-ID: <401B5396.8080202@palaver.net>

This ought to be the simplest thing in the world, and I have rules like 
this that work.  I hope someone can see something glaringly wrong with 
what I'm doing here:

I want to SNAT all traffic from an internal address (10.2.2.2) to an 
external one.  So I add to my rules:

iptables -t nat -I POSTROUTING -s 10.2.2.2 -j SNAT --to-source 206.230.187.15

I test and my ssh traffic is passing perfectly; I go out to machines on 
the net and they show me coming in from 206.230.187.15.

But some--BUT NOT ALL--of my UDP traffic seems to be heading out without 
any change.

A short sniff on the *output* interface shows:

02:31:56.696763 10.2.2.2.4569 > blah.blah.net.4569: udp 25 (DF) [tos 0x10]

02:31:58.699259 10.2.2.2.4569 > blah.blah.net.4569: udp 25 (DF) [tos 0x10]

02:32:06.704660 10.2.2.2.4569 > blah.blah.net.4569: udp 12 (DF) [tos 0x10

And the packet counters (which I reset for the test) show nothing 
passing through:

     0     0 SNAT       all  --  *      eth1    10.2.2.2     0.0.0.0/0        to:206.230.187.15

UDP traffic going to port 5036, which is heading from this same machine 
to the same remote endpoint machine, gets NATted perfectly.

***************************************

Does anyone know what I'm doing wrong?  Other similar rules in this same 
table seem to be doing just what they need to. . . .

Thanks in advance for anyone who might be able to offer a potential 
explanation.

B.
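
To make the symptom above measurable, this added example (not part of the original post) parses an output-interface capture in the tcpdump format quoted in the message and groups flows by whether the source address was rewritten. The sample lines are constructed; the function name and the translated port-5036 lines are assumptions for illustration.

```python
import re
from collections import defaultdict

# Old-style tcpdump line: "<time> <src>.<sport> > <dst>.<dport>: udp <len> ..."
LINE_RE = re.compile(r"^(\S+) (\S+)\.(\d+) > (\S+)\.(\d+): (\w+)")

# Constructed sample capture on the output interface, in the format quoted in
# the post. The 5036 lines are constructed to show an already-translated flow.
SAMPLE_CAPTURE = """\
02:31:56.696763 10.2.2.2.4569 > blah.blah.net.4569: udp 25 (DF) [tos 0x10]
02:31:57.101210 206.230.187.15.5036 > blah.blah.net.5036: udp 40 (DF)
02:31:58.699259 10.2.2.2.4569 > blah.blah.net.4569: udp 25 (DF) [tos 0x10]
02:32:01.101998 206.230.187.15.5036 > blah.blah.net.5036: udp 40 (DF)
02:32:06.704660 10.2.2.2.4569 > blah.blah.net.4569: udp 12 (DF) [tos 0x10]
"""


def untranslated_flows(capture, internal_src, nat_src):
    """Count packets per flow and split flows by whether SNAT was applied.

    Returns (leaked, translated): dicts keyed by (proto, sport, dst, dport)
    with packet counts. 'leaked' flows still carry internal_src on the wire.
    """
    leaked, translated = defaultdict(int), defaultdict(int)
    for line in capture.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip blank lines and wrapped continuation lines
        _, src, sport, dst, dport, proto = m.groups()
        key = (proto, int(sport), dst, int(dport))
        if src == internal_src:
            leaked[key] += 1
        elif src == nat_src:
            translated[key] += 1
    return dict(leaked), dict(translated)


if __name__ == "__main__":
    leaked, translated = untranslated_flows(
        SAMPLE_CAPTURE, "10.2.2.2", "206.230.187.15")
    for flow, count in leaked.items():
        print("NOT translated:", flow, "packets:", count)
    for flow, count in translated.items():
        print("translated:    ", flow, "packets:", count)
```
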

