From: Patrick McHardy
To: Yuriy Popyk
Cc: netfilter-devel@lists.netfilter.org
Subject: Re: Problems with SNAT
Date: Fri, 15 Sep 2006 09:08:08 +0200
Message-ID: <450A5158.8090709@trash.net>
In-Reply-To: <8a3f83490609142255r4785dc2fucaa1813179ae67bb@mail.gmail.com>

Yuriy Popyk wrote:
> Hello
>
> I have written this mail to netfilter@lists.netfilter.org but nobody
> answered,
> so can I ask you?
>
>
> We have a lan with ips in private range
> Problem is described with the following pic
>
>  ----------     ----------
>  |  PC2   |-----|   R2   |
>  ----------     ----------
>                      |
>                      |
>                 ----------        ----------
>                 |   R1   |--------|  PC1   |
>                 ----------        ----------
>                      |
>                 ----------
>                 |  ISP   |
>                 ----------
>
> R1 - router 1, linux
> R2 - router 2, ms windows 2000
> PC1 - pc 1, ms windows XP
> PC1 - pc 1, ms windows 2000
>
> when I'm trying to set SNAT on R1 for PC1
> # iptables -t nat -A POSTROUTING -s $pc1 -j SNAT --to-source $ip_to_isp
> it works
>
> but when I'm trying to set SNAT for PC2
> # iptables -t nat -A POSTROUTING -s $pc2 -j SNAT --to-source $ip_to_isp
> it fails
>
> tcpdump -nl -i $ISP_eth
> shows that R1 forwards packets from PC2 to outside world without NATing
> and at the same time packets from PC1 are NATed

Do the packets you're trying to NAT belong to a new connection that is
established by PC2? Please post a tcpdump showing the problem and the
relevant entries from /proc/net/ip_conntrack.