From: Baskaran Mohandass <baski@foundrynet.com>
To: Sietse van Zanen <sietse@wizdom.nu>
Cc: netfilter@lists.netfilter.org
Subject: Re: SNAT issue for locally generated UDP packet
Date: Wed, 15 Jun 2005 01:52:56 -0700
Message-ID: <42AFEC68.7060806@foundrynet.com>
In-Reply-To: <02BB8A4AC86C564C89C7F14CF98CE0C4012717@knowledge.wizdom.nu>
Hi Sietse,
I tried with one-to-one mapping before this one-to-many iptables
rule. I don't see any effect of this iptables config in the packet. I
even tried MASQ without an IP address on eth1, without any success.
Anyway, thanks for the help. I appreciate it.
Cheers
..baski
Sietse van Zanen wrote:
> Hi,
>
> I think that your rule does not make sense:
>
> iptables -t nat -A POSTROUTING --protocol udp --source-port 5060 -j SNAT --to-source 5.5.5.7:1024-32000
>
> You are trying to NAT a single port (5060) onto a range of ports (1024-32000). This will not work. NAT should be a many-many or single-single relationship. When many-many, ranges should be exactly the same size. It should be more like:
>
> iptables -t nat -A POSTROUTING --protocol udp --source-port 5060 -j SNAT --to-source 5.5.5.7:1024
>
> Cheers,
>
> Sietse
>
>
> ________________________________
>
> From: netfilter-bounces@lists.netfilter.org on behalf of Baskaran Mohandass
> Sent: Tue 14/06/2005 22:01
> To: netfilter@lists.netfilter.org
> Subject: SNAT issue for locally generated UDP packet
>
>
>
> Hi all,
>
> I am trying to source NAT the packet generated locally using
> iptables. The machine is running Fedora Core 2 and one of the interface
> addresses is 5.5.5.7. The SIP server sends a packet with source port 5060 and
> IP address 5.5.5.7. I want to change the IP address and the source port
> when it goes out. Reading the iptables manual, the only rule I can think of is:
> iptables -t nat -A POSTROUTING --protocol udp --source-port 5060 -j SNAT --to-source 5.5.5.7:1024-32000
> [root@sipserver2 ~]# uname -a
> Linux sipserver2.baski.com 2.6.9-1.667 #1 Tue Nov 2 14:41:25 EST 2004
> i686 i686 i386 GNU/Linux
> Unfortunately it does not work. iptables also says that locally
> generated packets are modified in the output chain and there is no NAT
> capability in there. I went through all the messages in the archive for
> SNAT and OUTPUT, so I would really appreciate any help on this. If there
> is any patch available for this, I am ready to try.
>
> Thanks and Regards
> ..baski
>
>
>