Thanks for the reply, Erik.

> That would be NAT. To verify, disable _all_ NAT on your box and try again.

OK, so my next question would be what is doing the nat. Is it only going to be iptables or could something else be doing it? And by disable all NAT you mean just clear out any rules in the nat table? Ip_conntrack is enabled; could that be doing anything?

Also, the only other thing I have in the back of my mind is that on the net it appears people do a masquerade line between the LAN interface and the internet interface. I do not do this; however, I do SNAT any local traffic to my public IP if it's leaving to go to the internet. Is there some auto masquerade happening, which I assume is also like NAT?

Complete nat table list. Sorry, I am not sure how to have it include the interface in this list.

# iptables -t nat -L -vn
Chain PREROUTING (policy ACCEPT 77116 packets, 5866K bytes)
 pkts bytes target prot opt in  out   source       destination
    1    52 DNAT   tcp  --  *   *     0.0.0.0/0    xxx.xxx.xxx.54   tcp dpt:8855 to:10.156.170.104
    0     0 DNAT   tcp  --  *   *     0.0.0.0/0    xxx.xxx.xxx.55   tcp dpt:5588 to:10.156.80.250
    0     0 DNAT   tcp  --  *   *     0.0.0.0/0    xxx.xxx.xxx.56   tcp dpt:5588 to:10.156.80.251
    0     0 DNAT   tcp  --  *   *     0.0.0.0/0    xxx.xxx.xxx.57   tcp dpt:5588 to:10.156.80.252
    0     0 DNAT   tcp  --  *   *     0.0.0.0/0    xxx.xxx.xxx.58   tcp dpt:5588 to:10.156.80.253
    0     0 DNAT   tcp  --  *   *     0.0.0.0/0    xxx.xxx.xxx.50   tcp dpt:2222 to:10.156.170.60
 5045  257K DNAT   tcp  --  *   *     0.0.0.0/0    xxx.xxx.xxx.234  tcp dpt:2222 to:10.156.170.60

Chain POSTROUTING (policy ACCEPT 21621 packets, 1515K bytes)
 pkts bytes target prot opt in  out   source          destination
    0     0 LOG    all  --  *   *     10.96.11.20     0.0.0.0/0          LOG flags 0 level 4 prefix `NAT INMONITOR '
    0     0 LOG    all  --  *   *     0.0.0.0/0       10.96.11.20        LOG flags 0 level 4 prefix `NAT OUTMONITOR '
    0     0 LOG    all  --  *   *     xxx.xxx.xxx.49  0.0.0.0/0          LOG flags 0 level 4 prefix `NAT OUTMONITOR '
    0     0 SNAT   tcp  --  *   eth0  10.0.0.0/8      0.0.0.0/0          tcp dpt:8855 to:203.39.117.50
12999  691K SNAT   all  --  *   eth1  10.0.0.0/8      !xxx.xxx.xxx.48/29 to:xxx.xxx.xxx.50

Chain OUTPUT (policy ACCEPT 16397 packets, 1249K bytes)
 pkts bytes target prot opt in  out   source       destination
#

>> [...]
>> # tcpdump -ni any host 10.96.11.20
>                         ^^^^^^^^^^^
> That's the IP address affected by your NAT config shown below.
>

Yes. As you can see below, the first line is the packet arriving on eth1 and the second line is it leaving on eth0.

>> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
>> listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
>> 15:33:24.698796 IP xxx.xxx.xxx.49.57024 > 10.96.11.20.2055: UDP, length 1464
>> 15:33:24.698827 IP xxx.xxx.xxx.50.57024 > 10.96.11.20.2055: UDP, length 1464
>>
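
Added example, not part of the original message: a small script that reads `tcpdump -ni any` output and reports packets seen twice with only the source address changed, which is the pattern in the two capture lines above. The sample addresses are constructed (documentation ranges, since the real ones are redacted), the function names are hypothetical, and it assumes the UDP line format shown in the capture and a source port that is left unchanged by the rewrite.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the capture in the message; addresses are
# from documentation ranges because the original ones are redacted.
SAMPLE = """\
15:33:24.698796 IP 198.51.100.49.57024 > 10.96.11.20.2055: UDP, length 1464
15:33:24.698827 IP 198.51.100.50.57024 > 10.96.11.20.2055: UDP, length 1464
15:33:25.100000 IP 10.96.11.20.2055 > 198.51.100.50.57024: UDP, length 32
15:33:26.000000 IP 198.51.100.49.40000 > 10.96.11.20.2055: UDP, length 200
"""

# Matches tcpdump's one-line UDP summary: time, src.port > dst.port, length.
LINE = re.compile(
    r"^(\d\d):(\d\d):(\d\d\.\d+) IP (\d+(?:\.\d+){3})\.(\d+) > "
    r"(\d+(?:\.\d+){3})\.(\d+): (\w+), length (\d+)")

def parse(line):
    """Return (ts, src, sport, dst, dport, proto, length) or None."""
    m = LINE.match(line)
    if not m:
        return None
    h, mi, s, src, sport, dst, dport, proto, length = m.groups()
    ts = int(h) * 3600 + int(mi) * 60 + float(s)
    return ts, src, int(sport), dst, int(dport), proto, int(length)

def find_snat(text, window=0.005):
    """List (orig_src, new_src, flow) for packets captured twice within
    `window` seconds where only the source address differs."""
    seen = defaultdict(list)   # flow key -> [(timestamp, source address)]
    hits = []
    for line in text.splitlines():
        pkt = parse(line)
        if pkt is None:
            continue           # skip banner lines and other protocols
        ts, src, sport, dst, dport, proto, length = pkt
        key = (sport, dst, dport, proto, length)
        for prev_ts, prev_src in seen[key]:
            if prev_src != src and 0 <= ts - prev_ts <= window:
                hits.append((prev_src, src, f"{proto} :{sport} -> {dst}:{dport}"))
        seen[key].append((ts, src))
    return hits

if __name__ == "__main__":
    for before, after, flow in find_snat(SAMPLE):
        print(f"source rewritten {before} -> {after} for {flow}")
```

A hit only shows that the source was rewritten between the two capture points; the rule responsible still has to be identified from the packet counters in the POSTROUTING chain.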