Linux Netfilter discussions
From: Grant Taylor <gtaylor@riverviewtech.net>
To: Mail List - Netfilter <netfilter@vger.kernel.org>
Subject: Re: NAT for multiple non-directly connected subnets
Date: Thu, 08 Nov 2007 16:23:05 -0600
Message-ID: <47338C49.7070102@riverviewtech.net>
In-Reply-To: <e97f32c10711081417s19405b28p39cdf353ac2731cb@mail.gmail.com>

On 11/08/07 16:17, Bradley Kite wrote:
> Linux machine has eth1, 192.168.1.50/30, connected to a router
> (192.168.1.49/30). Behind this router are many other networks/subnets.
> I'm trying to get the linux box to NAT all of them, not just addresses
> within this tiny /30 subnet (as is the case now).

This should not be a problem.  Unless .... (See below.)

> Hmm. The pre-routing counters are increasing, but that is all. When I
> ping from the router then the post-routing counters increase (because
> it's directly connected).

Ok...

> This was my assumption too but I must be missing something.

Could this by chance be a reverse path filtering issue?  Is it possible
that the firewall is not allowing the traffic from the non-directly
connected /30 to go through?

If you look at the counters in the filter:FORWARD chain do you see the 
traffic passing or is it even making it that far?



Grant. . . .
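
Added example, not part of Grant's message: a simplified model of the kernel's reverse path check (net.ipv4.conf.<if>.rp_filter), showing how strict mode would accept the router's own pings but drop packets from subnets behind it unless a route back to them points out eth1. The eth0 interface, the default route and the 10.20.0.0/24 remote subnet are constructed assumptions; only eth1 and the 192.168.1.48/30 link come from the thread.

```python
import ipaddress

# Constructed routing table for the Linux box: (prefix, outgoing interface).
# The /30 on eth1 is from the thread; eth0 and the default route are assumptions.
ROUTES = [
    ("192.168.1.48/30", "eth1"),   # directly connected link to the router
    ("0.0.0.0/0", "eth0"),         # assumed default route out the other side
]

OFF, STRICT, LOOSE = 0, 1, 2       # values of net.ipv4.conf.<if>.rp_filter


def best_route(routes, addr):
    """Longest-prefix match; returns the outgoing interface or None."""
    ip = ipaddress.ip_address(addr)
    matches = [(ipaddress.ip_network(prefix), dev) for prefix, dev in routes
               if ip in ipaddress.ip_network(prefix)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def rpf_accepts(routes, src, in_iface, mode):
    """Simplified reverse path check for a packet from src arriving on in_iface."""
    if mode == OFF:
        return True
    back = best_route(routes, src)
    if back is None:
        return False               # no route to the source at all
    if mode == LOOSE:
        return True                # reachable via any interface is enough
    return back == in_iface        # strict: the reply must leave via in_iface


if __name__ == "__main__":
    # 192.168.1.49 is the router; 10.20.0.5 is a constructed host behind it.
    for src in ("192.168.1.49", "10.20.0.5"):
        print(src, "strict:", rpf_accepts(ROUTES, src, "eth1", STRICT))
    # Adding a route to the remote subnet out eth1 makes the strict check pass.
    fixed = ROUTES + [("10.20.0.0/24", "eth1")]
    print("10.20.0.5 with route:", rpf_accepts(fixed, "10.20.0.5", "eth1", STRICT))
```

On a live system the corresponding values are in /proc/sys/net/ipv4/conf/all/rp_filter and /proc/sys/net/ipv4/conf/eth1/rp_filter; current kernels apply the higher of the two to the interface.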
