From: Ian Batterbee <ian.batterbee@aut.ac.nz>
To: netfilter@lists.netfilter.org
Subject: Problem with SNAT
Date: Thu, 25 May 2006 07:59:36 +1200
Message-ID: <4474BB28.1050801@aut.ac.nz>

For those of you who remember my problem from a week or so ago, this is 
a continuation of the same thing.

I've now changed from using MASQ to using SNAT in order to work around 
the problem where MASQ and policy routing don't work together, however 
I've run into a new problem.

My Linux box has 3 interfaces -
eth0 - 192.168.0.1/24 (outside - goes to an adsl modem)
eth1 - x.x.252.33/29   (inside)
ppp0 - z.z.2.204/32 (ssh tunnel to work)

In order to source nat anything I route down the tunnel onto the 
tunnel's IP address, I have the following SNAT command active:

iptables -t nat -I POSTROUTING -o ppp0 -j SNAT --to-source z.z.2.204

The problem is that the -o ppp0 bit seems to be being ignored. If I ssh 
from my Windows machine (x.x.252.36) to x.x.252.33, my address gets 
translated to z.z.2.204, even though the address I connect to is on 
the same subnet. I.e., it shouldn't have gone anywhere near the ppp0 
interface.

A tcpdump -n shows that the SYN comes from the correct address of 
x.x.252.36, and the reply is sent there, but unless I add ALL:z.z.2.204 
into /etc/hosts, sshd resets the tcp connection, strongly suggesting 
that the SNAT has occurred by the time the sshd process sees the packet.

Is this expected behaviour ?
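
One way to check the inference in the message above (that SNAT was applied to a connection addressed to the box itself) is to compare the original and reply tuples in the connection-tracking table. This is an added example, not part of the original post; the /proc/net/ip_conntrack-style sample lines are constructed, and documentation addresses stand in for the masked x.x and z.z values.

```python
import re

# Constructed /proc/net/ip_conntrack-style entries. Documentation addresses
# stand in for the post's masked ones: 192.0.2.36 = Windows client,
# 192.0.2.33 = eth1 on the Linux box, 198.51.100.204 = the ppp0 SNAT address.
SAMPLE = """\
tcp 6 431990 ESTABLISHED src=192.0.2.35 dst=192.0.2.33 sport=1041 dport=22 src=192.0.2.33 dst=192.0.2.35 sport=22 dport=1041 [ASSURED] use=1
tcp 6 431995 ESTABLISHED src=192.0.2.36 dst=192.0.2.33 sport=1042 dport=22 src=192.0.2.33 dst=198.51.100.204 sport=22 dport=1042 [ASSURED] use=1
tcp 6 431999 ESTABLISHED src=192.0.2.36 dst=203.0.113.10 sport=1043 dport=80 src=203.0.113.10 dst=198.51.100.204 sport=80 dport=1043 [ASSURED] use=1
"""

FIELD = re.compile(r"\b(src|dst|sport|dport)=(\S+)")

def parse_entry(line):
    """Split one entry into (original, reply) tuples, or None if malformed."""
    tuples = [{}]
    for key, val in FIELD.findall(line):
        if key in tuples[-1]:          # a repeated key starts the reply tuple
            tuples.append({})
        tuples[-1][key] = val
    if len(tuples) != 2 or not all("src" in t and "dst" in t for t in tuples):
        return None
    return tuples[0], tuples[1]

def nat_kinds(orig, reply):
    """An untranslated reply mirrors the original; a mismatch means NAT."""
    kinds = []
    if reply["dst"] != orig["src"]:
        kinds.append("SNAT")
    if reply["src"] != orig["dst"]:
        kinds.append("DNAT")
    return kinds

def snat_to_local(text, local_addrs):
    """Flows that were source-NATed although addressed to the box itself."""
    hits = []
    for line in text.splitlines():
        parsed = parse_entry(line)
        if parsed is None:
            continue
        orig, reply = parsed
        if "SNAT" in nat_kinds(orig, reply) and orig["dst"] in local_addrs:
            hits.append((orig["src"], orig["dst"], reply["dst"]))
    return hits

if __name__ == "__main__":
    for src, dst, seen_as in snat_to_local(SAMPLE, {"192.0.2.33"}):
        print(f"{src} -> {dst} is tracked with source rewritten to {seen_as}")
```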



