Troubles DNATing UDP

Linux Advanced Routing and Traffic Control

Hi.

I have strange troubles with DNATing UDP packets.

The situation:

1. We have local network 10.10.0.0/16
2. We have a "server network" 192.168.1.0/25 connected to the local
network by a router 10.10.100.1 (other IP 192.168.1.1).
3. Web server is located at 192.168.1.2
4. There are HW pingers in the net 10.10.0.0/16 which ping
10.10.100.1 every second. The ping is a UDP packet with both source
and destination ports set to 4000.
5. There is software to decode ping packets and produce/update an HTML
report.

I want to install the ping-analyzing software at the web server
(192.168.1.2) and connect it with the locally running Apache to have a web
page with the ping report.

As the pingers ping (send UDP packets) to 10.10.100.1 I was trying to
redirect them to 192.168.1.2 by:

iptables -t nat -I PREROUTING 1 -p udp --dport 4000 -j DNAT
--to-destination 192.168.1.2:4000
iptables -I FORWARD -p udp --dport 4000 -d 192.168.1.2 -j ACCEPT

Neither of those rules is catching the packets; they all reach the
10.10.100.1 INPUT chain. Those rule counters are zero.

If I do:

iptables -t mangle -I PREROUTING 1 -p udp --dport 4000

this rule catches the needed packets, but not in the NAT table! Why?

I tried the same with TCP:

iptables -t nat -I PREROUTING 1 -p tcp --dport 4000 -j DNAT
--to-destination 192.168.1.2:4000
iptables -I FORWARD -p tcp --dport 4000 -d 192.168.1.2 -j ACCEPT

and this works fine; I can see packets at 192.168.1.2 when doing telnet
10.10.100.1 4000 from the local net.

Here is tcpdump from 10.10.100.1:

# tcpdump -i br0 port 4000 -n
tcpdump: verbose output suppressed, use -v or -vv for full protocol
decode
listening on br0, link-type EN10MB (Ethernet), capture size 96 bytes
16:36:53.202130 IP 10.10.100.23.4000 > 10.10.100.1.4000: UDP, length: 74
16:36:54.092413 IP 10.10.100.21.4000 > 10.10.100.1.4000: UDP, length: 74
16:36:54.143128 IP 10.10.100.22.4000 > 10.10.100.1.4000: UDP, length: 74
16:36:55.291886 IP 10.10.100.23.4000 > 10.10.100.1.4000: UDP, length: 74
16:36:55.545621 IP 10.10.100.22.4000 > 10.10.100.1.4000: UDP, length: 74
16:36:55.743096 IP 10.10.100.21.4000 > 10.10.100.1.4000: UDP, length: 74

Once again, all those packets reach the INPUT chain; rules in -t nat -I
PREROUTING are not working.

So here is the question: Is UDP being DNAT'ed differently
compared with TCP? What is the difference? How can I DNAT them?

Thanks in advance.

P.S. This kind of UDP ping doesn't require a response; it's just to see
which remote point is still alive.

-- 
Покотиленко Костик <casper@xxxxxxxxxxxx>

_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
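A diagnostic added here as an example; it is not part of the post above or of any list reply. It rests on how netfilter NAT works: the nat table is consulted only for the first packet of a connection-tracking flow, and every later packet that matches an existing conntrack entry skips nat entirely (the mangle table is traversed by every packet, which is why the mangle rule counts). A pinger sending to 10.10.100.1 every second keeps its UDP conntrack entry alive forever, so a DNAT rule inserted afterwards is never seen by those flows, while a fresh telnet connection is a new flow and is NATed. The script parses constructed conntrack state in the /proc/net/nf_conntrack and `conntrack -L` line format (a sample is embedded, not captured from the poster's router), lists the UDP flows to port 4000 that were tracked before the DNAT rule existed, and emits the conntrack-tools commands that delete them; the presence of conntrack-tools and the DNAT target 192.168.1.2 from the post are assumptions.

```python
import re

# Constructed sample of router conntrack state (/proc/net/nf_conntrack / `conntrack -L`
# format). Entries 1-2 predate the DNAT rule: reply source is still 10.10.100.1.
# Entry 3 was created after the rule and already maps to 192.168.1.2; entry 4 is unrelated.
SAMPLE_CONNTRACK = """\
ipv4     2 udp      17 29 src=10.10.100.23 dst=10.10.100.1 sport=4000 dport=4000 src=10.10.100.1 dst=10.10.100.23 sport=4000 dport=4000 [ASSURED] mark=0 use=2
ipv4     2 udp      17 28 src=10.10.100.21 dst=10.10.100.1 sport=4000 dport=4000 src=10.10.100.1 dst=10.10.100.21 sport=4000 dport=4000 [ASSURED] mark=0 use=2
ipv4     2 udp      17 25 src=10.10.100.22 dst=10.10.100.1 sport=4000 dport=4000 src=192.168.1.2 dst=10.10.100.22 sport=4000 dport=4000 mark=0 use=1
ipv4     2 tcp      6 431999 ESTABLISHED src=10.10.0.5 dst=10.10.100.1 sport=33000 dport=4000 src=192.168.1.2 dst=10.10.0.5 sport=4000 dport=33000 [ASSURED] mark=0 use=1
"""

PROTO_RE = re.compile(r"\b(udp|tcp)\s+\d+\s+(\d+)")    # protocol name, number, timeout left
TUPLE_RE = re.compile(r"(src|dst|sport|dport)=(\S+)")    # original tuple first, then reply tuple


def parse_entry(line):
    """Return (proto, timeout, original_tuple, reply_tuple), or None for unparsable lines."""
    m = PROTO_RE.search(line)
    pairs = TUPLE_RE.findall(line)
    if not m or len(pairs) < 8:
        return None
    return m.group(1), int(m.group(2)), dict(pairs[:4]), dict(pairs[4:8])


def find_unnatted_flows(conntrack_text, dport, nat_target):
    """UDP flows to `dport` whose reply source is not `nat_target`: they were tracked
    before the DNAT rule existed, so every further packet bypasses the nat table."""
    stale = []
    for line in conntrack_text.splitlines():
        parsed = parse_entry(line)
        if parsed is None:
            continue
        proto, timeout, orig, reply = parsed
        if proto == "udp" and orig["dport"] == str(dport) and reply["src"] != nat_target:
            stale.append((orig["src"], orig["dst"], timeout))
    return stale


def flush_commands(stale, dport):
    """conntrack-tools commands (assumed installed) that delete the stale entries so the
    next ping is a NEW flow again and traverses nat PREROUTING, where DNAT applies."""
    return [f"conntrack -D -p udp -s {src} -d {dst} --dport {dport}" for src, dst, _ in stale]


if __name__ == "__main__":
    stale = find_unnatted_flows(SAMPLE_CONNTRACK, 4000, "192.168.1.2")
    for src, dst, timeout in stale:
        print(f"{src} -> {dst}: tracked without DNAT, {timeout}s left, refreshed by every ping")
    print("\n".join(flush_commands(stale, 4000)))
```

Without conntrack-tools the same effect is obtained by stopping the pingers for longer than the UDP conntrack timeout so the entries expire, or by inserting the DNAT rule before the first ping arrives (for example at boot, before the interface comes up).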
