* Problems with SNAT
From: Yuriy Popyk @ 2006-09-15 5:55 UTC
To: netfilter-devel
Hello
I have written this mail to netfilter@lists.netfilter.org but nobody answered,
so can I ask you?
We have a LAN with IPs in a private range
The problem is described with the following pic
---------- ----------
| PC2 |-----| R2 |
---------- ----------
|
|
---------- ----------
| R1 |--------| PC1 |
---------- ----------
|
----------
| ISP |
----------
R1 - router 1, linux
R2 - router 2, ms windows 2000
PC1 - pc 1, ms windows XP
PC1 - pc 1, ms windows 2000
when I'm trying to set SNAT on R1 for PC1
# iptables -t nat -A POSTROUTING -s $pc1 -j SNAT --to-source $ip_to_isp
it works
but when I'm trying to set SNAT for PC2
# iptables -t nat -A POSTROUTING -s $pc2 -j SNAT --to-source $ip_to_isp
it fails
tcpdump -nl -i $ISP_eth
shows that R1 forwards packets from PC2 to the outside world without NATing
and at the same time packets from PC1 are NATed
when I did
# iptables -t filter -A FORWARD -s PC2 -j DROP
it works, packets from PC2 are not going outside anymore
I have tried to do SNAT with firewall rules flushed and policies set to ACCEPT
the problem appeared again
Thanks in advance
* Re: Problems with SNAT
From: Patrick McHardy @ 2006-09-15 7:08 UTC
To: Yuriy Popyk; +Cc: netfilter-devel
Yuriy Popyk wrote:
> Hello
>
> I have written this mail to netfilter@lists.netfilter.org but nobody
> answered,
> so can I ask you?
>
>
> We have a LAN with IPs in a private range
> The problem is described with the following pic
>
> ---------- ----------
> | PC2 |-----| R2 |
> ---------- ----------
> |
> |
> ---------- ----------
> | R1 |--------| PC1 |
> ---------- ----------
> |
> ----------
> | ISP |
> ----------
>
> R1 - router 1, linux
> R2 - router 2, ms windows 2000
> PC1 - pc 1, ms windows XP
> PC1 - pc 1, ms windows 2000
>
> when I'm trying to set SNAT on R1 for PC1
> # iptables -t nat -A POSTROUTING -s $pc1 -j SNAT --to-source $ip_to_isp
> it works
>
> but when I'm trying to set SNAT for PC2
> # iptables -t nat -A POSTROUTING -s $pc2 -j SNAT --to-source $ip_to_isp
> it fails
>
> tcpdump -nl -i $ISP_eth
> shows that R1 forwards packets from PC2 to the outside world without NATing
> and at the same time packets from PC1 are NATed
Do the packets you're trying to NAT belong to a new connection
that is established by PC2?
Please post a tcpdump showing the problem and the relevant entries
from /proc/net/ip_conntrack.
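An added example, not part of either message: one way to read the /proc/net/ip_conntrack entries requested above. Each entry lists the original-direction tuple followed by the reply-direction tuple, and for a source-NATed flow the reply dst is the translated address instead of the original src. The sample entries, the addresses in them and the function names are constructed for illustration.

```python
import re

# Constructed sample in the /proc/net/ip_conntrack layout; all addresses are
# illustrative. 192.168.2.20 stands in for $pc2, 192.168.1.10 for $pc1 and
# 198.51.100.2 for $ip_to_isp.
SAMPLE = """\
tcp      6 431990 ESTABLISHED src=192.168.2.20 dst=203.0.113.80 sport=1034 dport=80 packets=12 bytes=900 src=203.0.113.80 dst=192.168.2.20 sport=80 dport=1034 packets=10 bytes=8000 [ASSURED] mark=0 use=1
tcp      6 431995 ESTABLISHED src=192.168.1.10 dst=203.0.113.80 sport=1029 dport=80 packets=7 bytes=500 src=203.0.113.80 dst=198.51.100.2 sport=80 dport=1029 packets=6 bytes=4000 [ASSURED] mark=0 use=1
udp      17 25 src=192.168.2.20 dst=203.0.113.53 sport=1040 dport=53 packets=1 bytes=60 [UNREPLIED] src=203.0.113.53 dst=192.168.2.20 sport=53 dport=1040 packets=0 bytes=0 mark=0 use=1
"""

# Each entry holds two "src=A dst=B" pairs: original direction, then reply.
TUPLE = re.compile(r"src=(\S+) dst=(\S+)")


def classify(line):
    """Return (proto, orig_src, orig_dst, reply_dst, verdict), or None
    when the line does not contain both tuples."""
    tuples = TUPLE.findall(line)
    if len(tuples) < 2:
        return None
    (o_src, o_dst), (_r_src, r_dst) = tuples[0], tuples[1]
    # Without source NAT the reply is addressed straight back to the sender.
    verdict = "not-translated" if r_dst == o_src else "snat"
    return line.split()[0], o_src, o_dst, r_dst, verdict


def untranslated(text, src, expected):
    """Entries originated by `src` whose reply tuple is not addressed
    to `expected`, i.e. flows that leave without the intended SNAT."""
    hits = []
    for line in text.splitlines():
        row = classify(line)
        if row and row[1] == src and row[3] != expected:
            hits.append(row)
    return hits


if __name__ == "__main__":
    for row in untranslated(SAMPLE, "192.168.2.20", "198.51.100.2"):
        print("%s %s -> %s reply-dst=%s %s" % row)
```

On the router itself, pass the contents of /proc/net/ip_conntrack as `text`, with the real values of $pc2 and $ip_to_isp.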
* problems with SNAT
From: Yuriy Popyk @ 2006-09-12 9:47 UTC
To: netfilter
Hello
We have a LAN with IPs in a private range
The problem is described with the following pic
---------- ----------
| PC2 |-----| R2 |
---------- ----------
|
|
---------- ----------
| R1 |--------| PC1 |
---------- ----------
|
----------
| ISP |
----------
R1 - router 1, linux
R2 - router 2, ms windows 2000
PC1 - pc 1, ms windows XP
PC1 - pc 1, ms windows 2000
when I'm trying to set SNAT on R1 for PC1
# iptables -t nat -A POSTROUTING -s $pc1 -j SNAT --to-source $ip_to_isp
it works
but when I'm trying to set SNAT for PC2
# iptables -t nat -A POSTROUTING -s $pc2 -j SNAT --to-source $ip_to_isp
it fails
tcpdump -nl -i $ISP_eth
shows that R1 forwards packets from PC2 to the outside world without NATing
and at the same time packets from PC1 are NATed
when I did
# iptables -t filter -A FORWARD -s PC2 -j DROP
it works, packets from PC2 are not going outside anymore
I have tried to do SNAT with firewall rules flushed and policies set to ACCEPT
the problem appeared again
Thanks in advance