Hi, It seems IP MASQUERADING is not working in the case of icmp packet same rules for a TCP and UDP packet are working without any issue.. Is there any way to debug in this case ? Regards, Ajith On Sun, Oct 9, 2011 at 12:24 PM, Ajith Adapa <adapa.ajith@xxxxxxxxx> wrote: > Hi, > > I have a doubt regarding the NAPT mechanism part of netfilter in linux > kernel for a ICMP packet. I am using Redhat 5.7 64 bit OS. > > In case of ICMP packets basically it is the echoid and source address > are used as a tuple or a key. So based on the NAPT rules present in > iptables the echo id > module in icmp packet has to be modified. > > But its not happening so. Echoid in icmp packet remains same. My > iptable nat rules are shown below. Ideal case icmp echo id has to > modified to the range as shown below. > I am sorry if I am wrong .. anyway to debug such a scenarios ? > > iptables -t nat -L -nv > Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) > pkts bytes target prot opt in out source > destination > 0 0 DNAT all -- eth1 * 0.0.0.0/0 > 0.0.0.0/0 to:192.168.1.1 > Chain POSTROUTING (policy ACCEPT 104 packets, 6628 bytes) > pkts bytes target prot opt in out source > destination > 0 0 MASQUERADE icmp -- * eth1 192.168.1.0/24 > 0.0.0.0/0 masq ports: 63232-63359 > > Regards, > Ajith > -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
