Hi all,
I am having a small problem with netfilter on Linux kernel 2.6.11.4. It
seems not all packets are hitting the pre-routing chain. In
pre-routing, I have the following rules:
$IPTABLES -t nat -A PREROUTING -i $IF_OUT -d 10.50.18.22 -j DNAT --to-destination 192.168.1.22
$IPTABLES -t nat -A PREROUTING -i $IF_OUT -d ! 10.50.18.21 -m limit --limit 5/second -j LOG --log-prefix "non-nat input: "
As you can see all packets arriving for 10.50.18.22 should be natted to
192.168.1.22, and anything else should be logged.
If I look at the rule stats, there are no matches on the log rule, so in
theory, all packets are DNAT'ed?
However, when looking at the logs for the filter:INPUT chain, I see
packets destined for 10.50.18.22 are being logged and dropped. So
somehow, these packets made it through the nat:PREROUTING chain WITHOUT
being natted.
Any ideas?
It also seems like some response packets (only seen ack and fin-ack
packets so far) are not being successfully connection tracked. Could
this be part of the problem?
Any help/info appreciated.
Thanks,
Justin
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
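One way to narrow this down, added here as an example and not part of Justin's message: netfilter consults the nat table only for the first packet of a connection, and packets conntrack cannot tie to a connection (state INVALID) skip nat entirely, so logging per conntrack state in mangle PREROUTING (which runs after conntrack but before nat) shows which state the un-NATted packets are in. It assumes the iptables `state` match is available and that the external interface is named by IF_OUT (eth0 below is a placeholder).

```shell
# Added diagnostic, not from the original post.
# netfilter consults the nat table only for the first packet of a connection
# (conntrack state NEW); later packets reuse the stored NAT mapping, and
# packets conntrack cannot tie to a connection (state INVALID) bypass nat
# altogether. Such packets reach filter:INPUT with their original
# destination and increment no counter in nat:PREROUTING.
# mangle PREROUTING runs after conntrack but before nat, so a per-state LOG
# rule there shows which state the un-NATted packets fall into.
IPTABLES="${IPTABLES:-iptables}"      # set IPTABLES=echo to print the rules instead
IF_OUT="${IF_OUT:-eth0}"              # external interface; eth0 is an assumption
PUBLIC_IP="${PUBLIC_IP:-10.50.18.22}" # the DNAT'ed address from the post

add_state_logging() {
    # One LOG rule per conntrack state, rate limited like the original rule.
    for state in NEW ESTABLISHED RELATED INVALID; do
        "$IPTABLES" -t mangle -A PREROUTING -i "$IF_OUT" -d "$PUBLIC_IP" \
            -m state --state "$state" -m limit --limit 5/second \
            -j LOG --log-prefix "pre-nat $state: "
    done
}

show_counters() {
    # Per-state packet counters, then the conntrack entries for the DNAT target.
    "$IPTABLES" -t mangle -L PREROUTING -v -n -x
    grep -F "$PUBLIC_IP" /proc/net/ip_conntrack 2>/dev/null || true
}

# Usage (as root on the NAT box): sh this_script.sh apply
if [ "${1:-}" = "apply" ]; then
    add_state_logging
    show_counters
fi
```

If the INVALID rule is the one whose counter grows while the nat rules stay at zero, the packets are ones conntrack never matched to a connection, which is also consistent with the untracked ACK and FIN-ACK replies mentioned above.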