From mboxrd@z Thu Jan 1 00:00:00 1970
From: Grant Taylor
Subject: Re: NAT for multiple non-directly connected subnets
Date: Thu, 08 Nov 2007 16:23:05 -0600
Message-ID: <47338C49.7070102@riverviewtech.net>
References: <1194559495.19115.105.camel@grateful.d.umn.edu>
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
Return-path:
In-Reply-To:
Sender: netfilter-owner@vger.kernel.org
List-Id:
Content-Type: text/plain; charset="us-ascii"; format="flowed"
To: Mail List - Netfilter

On 11/08/07 16:17, Bradley Kite wrote:
> Linux machine has eth1, 192.168.1.50/30, connected to a router
> (192.168.1.49/30). Behind this router are many other networks/subnets.
> I'm trying to get the linux box to NAT all of them, not just addresses
> within this tiny /30 subnet (as is the case now).

This should not be a problem. Unless .... (See below.)

> Hmm. The pre-routing counters are increasing, but that is all. When I
> ping from the router then the post-routing counters increase (because
> it's directly connected).

Ok...

> This was my assumption too but I must be missing something.

Could this by chance be a reverse path filtering issue? Is it possible that the firewall is not allowing the traffic from the non directly connected /30 to go through? If you look at the counters in the filter:FORWARD chain do you see the traffic passing or is it even making it that far?



Grant. . . .
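
An added example, not part of the original message: a small model of the strict reverse path check (`rp_filter=1`) raised above, which drops a packet when the best route back to its source does not leave through the interface it arrived on. `eth1` and the /30 come from the thread; the `eth0` default route and the `10.20.0.0/16` remote subnet are assumptions made for illustration.

```python
import ipaddress

# Constructed routing tables for the Linux box: (destination prefix, interface).
# eth1 and 192.168.1.48/30 come from the thread; eth0 as the default-route
# interface and the remote subnet 10.20.0.0/16 are assumptions.
ROUTES_WITHOUT_RETURN = [
    ("0.0.0.0/0", "eth0"),
    ("192.168.1.48/30", "eth1"),
]
ROUTES_WITH_RETURN = ROUTES_WITHOUT_RETURN + [("10.20.0.0/16", "eth1")]


def best_route(routes, address):
    """Longest-prefix match: return (network, interface), or None if no route."""
    addr = ipaddress.ip_address(address)
    matches = [
        (ipaddress.ip_network(prefix), iface)
        for prefix, iface in routes
        if addr in ipaddress.ip_network(prefix)
    ]
    return max(matches, key=lambda m: m[0].prefixlen, default=None)


def strict_rpf_accepts(routes, src, in_iface):
    """Strict reverse path check: the best route back to the source must
    leave through the interface the packet arrived on."""
    route = best_route(routes, src)
    return route is not None and route[1] == in_iface


def explain(routes, src, in_iface):
    """One-line verdict for a packet from src arriving on in_iface."""
    route = best_route(routes, src)
    verdict = "accept" if strict_rpf_accepts(routes, src, in_iface) else "drop"
    via = f"{route[0]} dev {route[1]}" if route else "no route"
    return f"{src} in on {in_iface}: return route {via} -> {verdict}"


if __name__ == "__main__":
    for table in (ROUTES_WITHOUT_RETURN, ROUTES_WITH_RETURN):
        # The directly connected router, then a host behind it.
        for src in ("192.168.1.49", "10.20.5.7"):
            print(explain(table, src, "eth1"))
        print()
```

On the box itself, `sysctl net.ipv4.conf.eth1.rp_filter` shows the setting in effect and `iptables -L FORWARD -v -n` shows the filter:FORWARD counters asked about above.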