Re: Iptables SNAT for pkt generated by internal process

[Alexandru Dragoi <alex@zoomnet.ro>]

moniacheli@tiscali.it wrote:

>I think I could use these commands:
>
>iptables -t mangle -A OUTPUT -p udp --dport 514 -j MARK --set-mark 13
>iptables -t nat -A POSTROUTING -- mark 13 -SNAT x.x.x.x
>
>I tried, but I had this problem on first command:
>"Couldn't load match `MARK':/lib//iptables/libipt_MARK.so: cannot open 
>shared object file: No such file or directory"
>
>Are the commands above rigth and is it sufficient to copy libipt_MARK.
>so into :/lib//iptables/ directory to solve my problem?
>
>Thanks a lot to Alexandru Dragoi
>
>Bye Monia
>
>----Messaggio originale----
>Da: alex@zoomnet.ro
>Data: 16/05/2006 13.00
>A: "moniacheli@tiscali.it"<moniacheli@tiscali.it>
>Cc: <netfilter@lists.netfilter.org>
>Ogg: Re: Iptables SNAT for pkt generated by internal process
>
>moniacheli@tiscali.it wrote:
>
>  
>
>>I would like to use iptables to translate the source of IP datagrams 
>>generated inside a router for some particular applications (such as 
>>syslog: protocol UDP, destination port 514). I thought to use an 
>>iptables rule defined by an OUTPUT chain (which let manipulate 
>>    
>>
>datagram 
>  
>
>>generated from local process) and by the target SNAT (which let to 
>>translate ip source) -> iptables -t nat -A OUTPUT -p udp --dport 514 -
>>    
>>
>j 
>  
>
>>SNAT --to x.x.x.x. The problem is that the OUTPUT chain cannot be 
>>    
>>
>used 
>  
>
>>with the target SNAT!
>>Has anybody any idea about which is the best and simplest way to get 
>>the result described above?
>>
>>Thanks for Your collaboration.
>>Monia Cheli
>>
>>
>>
>>
>>		
>>Tiscali ADSL 4 Mega Flat 
>>
>>Naviga senza limiti a 19,95 Euro al mese con 4 Megabps di velocita'. 
>>    
>>
>Attiva subito: hai 2 MESI di canone adsl GRATIS!
>  
>
>>In piu', se sei raggiunto dalla rete Tiscali, telefoni senza pagare 
>>    
>>
>il canone Telecom. 
>  
>
>>Scopri subito come risparmiare! 
>>
>>http://abbonati.tiscali.it/prodotti/adsl/tc/4flat/
>>	
>>
>> 
>>
>>    
>>
>You do SNAT in POSTROUTING. Local generated packets also enter
>POSTROUTING. You may want to match source ip or .. you can mark 
>packets
>in mangle OUTPUT, and then SNAT in POSTROUTING matching only the mark
>value with mark match.
>
>
>
>
>
>
>
>
>		
>Tiscali ADSL 4 Mega Flat 
>
>Naviga senza limiti a 19,95 Euro al mese con 4 Megabps di velocita'. Attiva subito: hai 2 MESI di canone adsl GRATIS!
>
>In piu', se sei raggiunto dalla rete Tiscali, telefoni senza pagare il canone Telecom. 
>
>Scopri subito come risparmiare! 
>
>http://abbonati.tiscali.it/prodotti/adsl/tc/4flat/
>	
>
>  
>
Try

iptables -t nat -A POSTROUTING -m mark --mark 13 -SNAT x.x.x.x