Linux 2.4 and iptables: output includes NAT

Linux 2.4 and iptables: output includes NAT

[Florian Weimer]

On Linux 2.4.14 with the following iptables rule,

  iptables -t nat -A POSTROUTING -o eth1 -p tcp -d $TARGET -j SNAT --to $NEW

tcpdump version 3.6.2 with libpcap 0.6.2 (Debian GNU/Linux versions)
shows the address on the wire for source addresses of IP packets, but
the destination address is displayed with NAT applied, which is
quit confusing.

Sample output ($ORIG is the local address without NAT).  There is an
aliased interface for $NEW and $ORIG on the host on which tcpdump is
running.  Running tcpdump on the destination host shows that only $NEW
is used.

20:51:12.421778 $NEW.3068 > $TARGET.119: SWE 3333853624:3333853624(0) win 5840 <mss 1460,sackOK,timestamp 70130986 0,nop,wscale 0> (DF)
 [tos 0x10]
20:51:12.465066 $NEW.119 > $ORIG.3068: S 3130380818:3130380818(0) ack 3333853625 win 5792 <mss 1460,sackOK,timestamp 519229759 701309
86,nop,wscale 0> (DF)
20:51:12.465316 $NEW.3068 > $TARGET.119: . ack 3130380819 win 5840 <nop,nop,timestamp 70130991 519229759> (DF) [tos 0x10]

Re: Linux 2.4 and iptables: output includes NAT

[Rusty Russell]

On Tue, 29 Jan 2002 20:57:19 +0100
Florian Weimer <fw@deneb.enyo.de> wrote:

> On Linux 2.4.14 with the following iptables rule,
> 
>   iptables -t nat -A POSTROUTING -o eth1 -p tcp -d $TARGET -j SNAT --to $NEW
> 
> tcpdump version 3.6.2 with libpcap 0.6.2 (Debian GNU/Linux versions)
> shows the address on the wire for source addresses of IP packets, but
> the destination address is displayed with NAT applied, which is
> quit confusing.

Yes, this was fixed in later kernels.

Thanks!
Rusty.
-- 
  Anyone who quotes me in their sig is an idiot. -- Rusty Russell.