iproute2 dumb nat

Linux Advanced Routing and Traffic Control

Sorry for disturbing you, but I am not aware of a specialized forum/ml for iproute2. I try to use iproute2's dumb nat; I tried with kernels 2.4.27, .32 and 2.6.8.
While DNAT is working fine, I am not able to do any SNAT:

2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:04:e2:10:88:5f brd ff:ff:ff:ff:ff:ff
    inet 10.10.20.10/24 brd 10.135.28.255 scope global eth0
    inet6 fe80::204:e2ff:fe10:885f/64 scope link
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:04:e2:10:80:d2 brd ff:ff:ff:ff:ff:ff
    inet 192.168.3.1/24 scope global eth1

I defined an ip rule:

lb-test-11:/usr/src/packages# ip rul sh
0:      from all lookup local
32764:  from 192.168.3.2 lookup main map-to 10.10.20.11
32766:  from all lookup main
32767:  from all lookup default

Packets coming in here (from 192.168.3.2):
# tcpdump -i eth1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
16:53:07.472210 IP 192.168.3.2 > 10.10.20.80: icmp 64: echo request seq 1366
16:53:08.471939 IP 192.168.3.2 > 10.10.20.80: icmp 64: echo request seq 1367
16:53:09.471768 IP 192.168.3.2 > 10.10.20.80: icmp 64: echo request seq 1368


and go out here (They are _from_ 192.168.3.2, so policy 32764 should match)
# tcpdump -n -i eth0 icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
16:54:45.454799 IP 192.168.3.2 > 10.10.20.80: icmp 64: echo request seq 1464
16:54:46.454559 IP 192.168.3.2 > 10.10.20.80: icmp 64: echo request seq 1465
16:54:47.454396 IP 192.168.3.2 > 10.10.20.80: icmp 64: echo request seq 1466

Source NAT is not taking place. And no, I don't have any iptables rules in PREROUTING.
Am I too dumb for this, or am I missing the point? Is there a way to log what policies are "hit" by packets?

Best Regards,
Andreas

_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
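
Added example, not part of the original post: a small check that compares the map-to rule in the `ip rule` listing with the eth0 capture and lists every packet that left with its original source address. Both inputs are copied from the post; the function names are made up here, and the script assumes rules are consulted in ascending priority order.

```python
import ipaddress
import re

# Output copied from the post: `ip rule show` and the eth0 (egress) capture.
IP_RULE_SHOW = """\
0:      from all lookup local
32764:  from 192.168.3.2 lookup main map-to 10.10.20.11
32766:  from all lookup main
32767:  from all lookup default
"""
EGRESS_CAPTURE = """\
16:54:45.454799 IP 192.168.3.2 > 10.10.20.80: icmp 64: echo request seq 1464
16:54:46.454559 IP 192.168.3.2 > 10.10.20.80: icmp 64: echo request seq 1465
16:54:47.454396 IP 192.168.3.2 > 10.10.20.80: icmp 64: echo request seq 1466
"""

RULE_RE = re.compile(r"^(\d+):\s+from (\S+) lookup \S+(?: map-to (\S+))?")
ADDR = r"(\d+\.\d+\.\d+\.\d+)(?:\.\d+)?"   # IPv4 address with optional .port
PKT_RE = re.compile(rf"^(\S+) IP {ADDR} > {ADDR}:")


def nat_rules(rule_text):
    """Return [(priority, source_network, map_to)] for rules carrying map-to."""
    rules = []
    for line in rule_text.splitlines():
        m = RULE_RE.match(line.strip())
        if m and m.group(3):
            selector = "0.0.0.0/0" if m.group(2) == "all" else m.group(2)
            rules.append((int(m.group(1)),
                          ipaddress.ip_network(selector, strict=False),
                          ipaddress.ip_address(m.group(3))))
    return sorted(rules, key=lambda rule: rule[0])


def untranslated(capture_text, rules):
    """Egress packets whose source still matches a map-to rule's selector."""
    hits = []
    for line in capture_text.splitlines():
        m = PKT_RE.match(line)
        if not m:
            continue
        src = ipaddress.ip_address(m.group(2))
        for prio, net, map_to in rules:    # lowest priority number first
            if src in net and src != map_to:
                hits.append((m.group(1), str(src), prio, str(map_to)))
                break
    return hits


if __name__ == "__main__":
    for ts, src, prio, want in untranslated(EGRESS_CAPTURE, nat_rules(IP_RULE_SHOW)):
        print(f"{ts}: source {src} left untranslated; rule {prio} maps it to {want}")
```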
