Re: snat packet going out a bridge

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

On 20/01/2016 19:55, Steve Clark wrote:


So I want traffic coming in eth5 with 10.10.0.x addresses to be source
natted to 192.168.100.3.
But my iptables nat statement never gets hit.

Chain POSTROUTING (policy ACCEPT 172 packets, 31384 bytes)
  pkts bytes target     prot opt in     out source
destination
     0     0 SNAT       all  --  *      xbrdg0 0.0.0.0/0
0.0.0.0             to:192.168.100.3
    29  1933 MASQUERADE  all  --  *      tun+ 0.0.0.0/0
0.0.0.0/0

# ping -I 10.10.0.1 8.8.8.8
First you should try to match without SNAT at all with a simple log target and see if it matches. 
I would start with:
iptables -t nat -I POSTROUTING -s 10.0.0.1 -o xbrdg0 -j LOG --log-prefix "Should-SNAT: " --log-level 4 

And then:
iptables -t nat -I POSTROUTING -s 10.0.0.1 -o xbrdg0 -j SNAT --to-source 192.168.100.3 

And see what happens.
Also there might be something about this bridge settings and it maybe needs the "-o eth1" but it would be a bit weird. 

Eliezer
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux