Hello,
I have the following setup on linux 2.6.32... CentOS 6.x :
ipsec tunnel eth0-10.255.3.254/25 - eth1-pub add1 <-> eth1-pub add2 -
eth0-10.255.5.254/25
I am trying to SNAT remote private address 10.255.5.128/25 packets when
they come out of the ipsec tunnel to make it appear like it was from local
address 10.255.3.254. I am doing a source ping from the right side to a
device on the left subnet ping -I 10.255.5.254 10.255.3.129
but it doesn't work - see below.
iptables -t nat -I POSTROUTING -o eth0 -s 10.255.5.128/25 -d 10.255.3.128/25 -j
SNAT --to-source 10.255.3.254
Chain POSTROUTING (policy ACCEPT 6 packets, 456 bytes)
pkts bytes target prot opt in out source destination
0 0 SNAT all -- * eth0 10.255.5.128/25 10.255.3.128/25
to:10.255.3.254
$ sudo tcpdump -nli eth0 icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
15:20:17.772396 IP 10.255.5.254 > 10.255.3.129: ICMP echo request, id 52588, seq
62, length 64
15:20:18.777272 IP 10.255.5.254 > 10.255.3.129: ICMP echo request, id 52588, seq
63, length 64
15:20:19.772572 IP 10.255.5.254 > 10.255.3.129: ICMP echo request, id 52588, seq
64, length 64
15:20:20.770681 IP 10.255.5.254 > 10.255.3.129: ICMP echo request, id 52588, seq
65, length 64
I would expect 10.255.5.254 to be replaced with 10.255.3.254 what am I missing?
Is this possible
I could do it when we were using FreeBSD.
I didn't find anything googling.
Thanks,
Steve
--
"They that give up essential liberty to obtain temporary safety,
deserve neither liberty nor safety." (Ben Franklin)
"The course of history shows that as a government grows, liberty
decreases." (Thomas Jefferson)
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
