From: Alexandru Dragoi
Subject: Re: Iptables SNAT for pkt generated by internal process
Date: Tue, 16 May 2006 19:56:26 +0300
Message-ID: <446A043A.70700@zoomnet.ro>
References: <25385417.1147796015381.JavaMail.root@ps20>
In-Reply-To: <25385417.1147796015381.JavaMail.root@ps20>
To: "moniacheli@tiscali.it"
Cc: netfilter@lists.netfilter.org

moniacheli@tiscali.it wrote:

>I think I could use these commands:
>
>iptables -t mangle -A OUTPUT -p udp --dport 514 -j MARK --set-mark 13
>iptables -t nat -A POSTROUTING -- mark 13 -SNAT x.x.x.x
>
>I tried, but I had this problem on the first command:
>"Couldn't load match `MARK':/lib//iptables/libipt_MARK.so: cannot open
>shared object file: No such file or directory"
>
>Are the commands above right, and is it sufficient to copy
>libipt_MARK.so into the :/lib//iptables/ directory to solve my problem?
>
>Thanks a lot to Alexandru Dragoi
>
>Bye Monia
>
>----Original message----
>From: alex@zoomnet.ro
>Date: 16/05/2006 13.00
>To: "moniacheli@tiscali.it"
>Cc:
>Subject: Re: Iptables SNAT for pkt generated by internal process
>
>moniacheli@tiscali.it wrote:
>
>>I would like to use iptables to translate the source of IP datagrams
>>generated inside a router for some particular applications (such as
>>syslog: protocol UDP, destination port 514). I thought to use an
>>iptables rule defined by an OUTPUT chain (which lets one manipulate
>>datagrams generated by local processes) and by the target SNAT (which
>>lets one translate the IP source) ->
>>iptables -t nat -A OUTPUT -p udp --dport 514 -j SNAT --to x.x.x.x
>>The problem is that the OUTPUT chain cannot be used with the target
>>SNAT!
>>Has anybody any idea about which is the best and simplest way to get
>>the result described above?
>>
>>Thanks for your collaboration.
>>Monia Cheli
>
>You do SNAT in POSTROUTING. Locally generated packets also enter
>POSTROUTING. You may want to match the source IP, or ... you can mark
>packets in mangle OUTPUT, and then SNAT in POSTROUTING, matching only
>the mark value with the mark match.

Try
iptables -t nat -A POSTROUTING -m mark --mark 13 -j SNAT --to-source x.x.x.x
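
The approach from this thread (mark in mangle OUTPUT, then SNAT in nat POSTROUTING on that mark) as an added example, not part of the original message or of the netfilter project: a shell function that validates its inputs and prints an iptables-restore ruleset. The function names and the sample address 192.0.2.10 are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): build an iptables-restore ruleset that
# marks locally generated packets in mangle/OUTPUT and SNATs them in
# nat/POSTROUTING. Function names and sample values are illustrative.

# is_ipv4 ADDR: succeed only for a strict dotted quad (0-255 per octet).
is_ipv4() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots; input is digits/dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# snat_local_ruleset PROTO DPORT MARK SRC_IP
# Rejects anything that is not a plain protocol/number/address, so a stray
# argument can never become extra rule options.
snat_local_ruleset() {
    proto=$1 dport=$2 mark=$3 src=$4
    case $proto in udp|tcp) ;; *) echo "proto must be udp or tcp" >&2; return 1 ;; esac
    case $dport in ''|*[!0-9]*|??????*) echo "bad port" >&2; return 1 ;; esac
    { [ "$dport" -ge 1 ] && [ "$dport" -le 65535 ]; } || { echo "bad port" >&2; return 1; }
    case $mark in ''|*[!0-9]*|??????????*) echo "bad mark" >&2; return 1 ;; esac
    is_ipv4 "$src" || { echo "bad source address" >&2; return 1; }
    cat <<EOF
*mangle
-A OUTPUT -p $proto --dport $dport -j MARK --set-mark $mark
COMMIT
*nat
-A POSTROUTING -m mark --mark $mark -j SNAT --to-source $src
COMMIT
EOF
}

# Print the ruleset only when called with the four arguments.
if [ "$#" -eq 4 ]; then
    snat_local_ruleset "$@"
fi
```

As root, the output can be checked without applying it by piping it into iptables-restore --noflush --test; the MARK target and the mark match must both be available on the system for the check to pass.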