From: urgrue <urgrue@tumsan.fi>
To: linux-admin@vger.kernel.org
Subject: peculiar netfilter behaviour
Date: Thu, 16 Jan 2003 11:55:13 +0200
Message-ID: <20030116095513.GA10056@fede2.tumsan.fi>

here's what happens:
i trace from my box A to address B.
a router on the way NATs the destination into Z.
the next router (X) sends back a ttl exceeded message (i.e. from X to A,
ttl exceeded), just as it should.
however, this ttl exceeded message is being natted! the router that NATs
is converting X into B??? why on earth is this? it's definitely not my
NAT rules.
i can only assume it has something to do with statefulness. a bug or a
feature?
in more detail:
my natting router:
Chain PREROUTING (policy ACCEPT)
DNAT all -- 0.0.0.0/0 address B to:address Z
Chain POSTROUTING (policy ACCEPT)
SNAT all -- address Z 0.0.0.0/0 to:address B
so trace shows:
traceroute to <address B> from <address A>, 30 hops max, 40 byte packets
1 <the NAT router> 4 ms 4 ms 4 ms
2 <address B> 4 ms 4 ms 4 ms
3 * * *
4
in fact nr.2 is NOT from B, as B isn't even on. with tcpdump i can see
that that mysterious number 2 packet is in fact
originally "from X to A" and after it passes my natting router it is
converted into "from Z to A".
any help on how to get around this undesired behaviour is appreciated.
urgrue
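
An added example, not part of the original message: a check for the symptom described above, based on the fact that a TTL-exceeded (ICMP type 11, code 0) is sent by a router in transit, so its outer source should not equal the probe destination quoted in its payload. The addresses are constructed stand-ins for A, B, X and Z, and the quoted destination appearing as B on A's side is an assumption.

```python
import socket
import struct

# Constructed sample addresses (documentation ranges) standing in for the post's A, B, X, Z.
A, B, X, Z = "192.0.2.10", "198.51.100.20", "203.0.113.1", "10.0.0.20"

def ipv4_header(src, dst, proto, payload_len, ttl=64):
    """Minimal 20-byte IPv4 header for sample data (checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def time_exceeded(reporter, prober, probe_dst):
    """Constructed ICMP type 11 code 0 from `reporter`, quoting the expired UDP probe."""
    udp = struct.pack("!HHHH", 40000, 33435, 8, 0)  # first 8 bytes of the probe
    quoted = ipv4_header(prober, probe_dst, 17, len(udp), ttl=1) + udp
    icmp = struct.pack("!BBHI", 11, 0, 0, 0) + quoted
    return ipv4_header(reporter, prober, 1, len(icmp)) + icmp

def parse_time_exceeded(packet):
    """Return (outer_src, quoted_src, quoted_dst), or None if not a TTL-exceeded."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or packet[9] != 1 or len(packet) < ihl + 8 + 20:
        return None
    if packet[ihl] != 11 or packet[ihl + 1] != 0:  # type 11, code 0 (TTL in transit)
        return None
    inner = packet[ihl + 8:]
    if inner[0] >> 4 != 4:
        return None
    return tuple(socket.inet_ntoa(b) for b in
                 (packet[12:16], inner[12:16], inner[16:20]))

def looks_rewritten(packet):
    """True when a TTL-exceeded claims to come from the probe's own destination."""
    parsed = parse_time_exceeded(packet)
    return parsed is not None and parsed[0] == parsed[2]

# What X emits (upstream of the NAT router) versus what A receives in the post.
upstream = time_exceeded(X, A, Z)
seen_by_a = time_exceeded(B, A, B)  # assumption: quoted destination is shown as B

if __name__ == "__main__":
    for name, pkt in (("upstream", upstream), ("seen by A", seen_by_a)):
        print(name, parse_time_exceeded(pkt), "rewritten:", looks_rewritten(pkt))
```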