Hi Dan,

On 12/21/2012 07:30 AM, Daniel Johnson wrote:
[...] The problem is that the packets arrive in eth1 with source xxx.xxx.xxx.49 (cisco router) and leave eth0 with a source of xxx.xxx.xxx.50 (my eth1 IP). As shown below. Can anyone give me some suggestions as to what could be modifying the source address of the packets and how to stop it please?
That would be NAT. To verify, disable _all_ NAT on your box and try again.
[...]
# tcpdump -ni any host 10.96.11.20
                      ^^^^^^^^^^^
That's the IP address affected by your NAT config shown below.

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
15:33:24.698796 IP xxx.xxx.xxx.49.57024> 10.96.11.20.2055: UDP, length 1464
15:33:24.698827 IP xxx.xxx.xxx.50.57024> 10.96.11.20.2055: UDP, length 1464

# ip rule list
Source (or policy) based routing does not rewrite IP addresses.
[...]
Firewall
Traffic is ACCEPT through the FORWARD chain.
Confirmation via logging that it is not hitting my SNAT rule
LAN traffic going out over internet.

$iptables --table nat --append POSTROUTING --source 10.96.11.20 --jump LOG --log-prefix "NAT INMONITOR "
$iptables --table nat --append POSTROUTING --destination 10.96.11.20 --jump LOG --log-prefix "NAT OUTMONITOR "
I don't see any interface specified and have to assume that these NAT statements _do_ affect the traffic from your router.
Regards,
Erik
--
To unsubscribe from this list: send the line "unsubscribe lartc" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
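As an added example (not part of the thread, and not Erik's or Dan's code), the script below does the check Erik describes in a mechanical way: it reads `iptables -t nat -S POSTROUTING` style output, keeps only rules that rewrite addresses (SNAT or MASQUERADE), reports which of them cover a given host, and flags any that carry no `-o` restriction, since such a rule also matches traffic forwarded in from the router. The rule set is constructed for the example; only the 10.96.11.20 address and the two LOG rules echo the thread, and the 203.0.113.50 address is a placeholder from the documentation range. The parser only inspects `-s`, `-o` and `-j`; it does not understand negated matches or `-d`, so treat its output as a starting point for reading the real rule set.

```shell
#!/bin/sh
# Constructed sample of `iptables -t nat -S POSTROUTING` output.
# Replace with: iptables -t nat -S POSTROUTING
SAMPLE_NAT_RULES='-P POSTROUTING ACCEPT
-A POSTROUTING -s 10.96.11.20/32 -j LOG --log-prefix "NAT INMONITOR "
-A POSTROUTING -d 10.96.11.20/32 -j LOG --log-prefix "NAT OUTMONITOR "
-A POSTROUTING -s 10.96.0.0/16 -j MASQUERADE
-A POSTROUTING -s 192.168.1.0/24 -o eth0 -j SNAT --to-source 203.0.113.50'

# nat_rules_for_host <host-ip> <rules-text>
# Prints every POSTROUTING rule that rewrites the source address (SNAT or
# MASQUERADE) and whose -s match covers <host-ip>. Rules with no -o
# restriction are flagged: they apply to forwarded traffic as well as to
# traffic the box originates. Only -s, -o and -j are inspected.
nat_rules_for_host() {
    printf '%s\n' "$2" | awk -v host="$1" '
    # ip2int: dotted quad -> integer (kept in a double, which is exact here)
    function ip2int(ip,    a) {
        split(ip, a, ".")
        return ((a[1] * 256 + a[2]) * 256 + a[3]) * 256 + a[4]
    }
    # covers(cidr, ip): 1 if ip lies inside cidr; a bare address means /32.
    # Prefix comparison is done by integer division instead of bit masks,
    # since POSIX awk has no bitwise operators.
    function covers(cidr, ip,    p, n, bits, div) {
        n = split(cidr, p, "/")
        bits = (n == 2) ? p[2] + 0 : 32
        div = 2 ^ (32 - bits)
        return int(ip2int(p[1]) / div) == int(ip2int(ip) / div)
    }
    $1 == "-A" && $2 == "POSTROUTING" {
        src = ""; oif = ""; target = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-s") src = $(i + 1)
            else if ($i == "-o") oif = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
        }
        # LOG, ACCEPT and friends do not rewrite anything
        if (target != "SNAT" && target != "MASQUERADE") next
        # a rule with no -s matches every source
        if (src != "" && !covers(src, host)) next
        note = (oif == "") ? "   [no -o restriction: also hits forwarded traffic]" : ""
        print $0 note
    }'
}

# count_rewriting_rules <host-ip> <rules-text>
# Number of rewriting rules that cover the host (0 means NAT is not the cause).
count_rewriting_rules() {
    nat_rules_for_host "$1" "$2" | awk 'END { print NR }'
}

# Demo on the constructed rule set for the host from the thread.
nat_rules_for_host 10.96.11.20 "$SAMPLE_NAT_RULES"
```

Run against the sample, the host 10.96.11.20 is matched by the `MASQUERADE` rule for 10.96.0.0/16 and that rule has no `-o`, which is exactly the case Erik points at: the LOG rules confirm that a packet passed through POSTROUTING, but it is the later rewriting rule, not the LOG rule, that changes the source address. A host in 192.168.1.0/24 is matched only by the SNAT rule, which is confined to `eth0`.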