hi,
i've been a user of netfilter/iptables for a short time, and it's always
worked great for me, doing NAT and packet filtering exactly as it should
(thanx a lot to whoever wrote the NAT-HOWTO, though :D). anyway, i'm
experiencing some strange behaviour:
i have a DNATting rule as the following:
iptables -t nat -A POSTROUTING -o $EXTIF -j SNAT --to $EXTIP
where EXTIF (ppp0 - yeah, dialup) and EXTIP (dynamically assigned but
correctly detected) are properly set. recently i have set up a DNS server,
and i wish it was accessible from the outside. i have used djbdns, and set
it up correctly. actually the requests are received and processed, but the
outgoing packets with the replies are blocked by my packet filter. i have
the following log from dmesg:
IN= OUT=ppp0 SRC=10.0.6.5 DST=80.116.131.210 LEN=68 TOS=0x00 PREC=0x00
TTL=64 ID=0 DF PROTO=UDP SPT=53 DPT=4538 LEN=48
10.0.6.5 is the ip which djbdns is running on, and 80... is the ip that made
the request. what is strange is that the packet was trying to go out with
the internal ip! is this normal? it's been blocked because i have a rule:
iptables -A OUTPUT -o $EXTIF -s $UNIVERSE -d $INTNET -j drop-and-log-it
shouldn't the packet's source address have already been changed at this
time? what am i doing wrong? might it be because it's using the UDP protocol?
my natting rule should work with all protocols though...
help me!
thanks in advance!
Giorgio
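As an added example, not part of Giorgio's post: a small POSIX shell classifier for netfilter LOG lines like the dmesg line quoted above. It assumes EXTIF is ppp0 and treats RFC 1918 sources as internal, and it encodes the netfilter hook order (filter/OUTPUT is traversed before nat/POSTROUTING), so an OUTPUT-chain log of a locally generated packet always shows the pre-SNAT source address.

```shell
#!/bin/sh
# Added example, not from the original post. Classifies a netfilter LOG line.
# Assumptions: EXTIF=ppp0; "internal" means an RFC 1918 source address.
# Hook order for locally generated packets: nat/OUTPUT -> filter/OUTPUT ->
# nat/POSTROUTING, so SNAT has not happened yet when filter/OUTPUT logs.

EXTIF=ppp0

# Print the value of one KEY= field from a LOG line (empty if absent).
nf_field() {
    # $1 = key, $2 = log line
    printf '%s\n' "$2" | tr ' ' '\n' | sed -n "s/^$1=//p" | head -n 1
}

# Return 0 if $1 is an RFC 1918 address, 1 otherwise.
is_private() {
    case "$1" in
        10.*) return 0 ;;
        192.168.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print one of: not-external, forwarded, pre-snat-output, post-snat-output.
classify_nflog() {
    line=$1
    in_if=$(nf_field IN "$line")
    out_if=$(nf_field OUT "$line")
    src=$(nf_field SRC "$line")
    [ "$out_if" = "$EXTIF" ] || { echo not-external; return; }
    if [ -n "$in_if" ]; then
        # Came in on another interface: FORWARD chain, pre-SNAT as well.
        echo forwarded
    elif is_private "$src"; then
        # Locally generated (IN empty) and logged before POSTROUTING SNAT.
        echo pre-snat-output
    else
        echo post-snat-output
    fi
}

# Constructed sample: the line from the post, joined onto one line.
SAMPLE='IN= OUT=ppp0 SRC=10.0.6.5 DST=80.116.131.210 LEN=68 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=53 DPT=4538 LEN=48'
echo "$(nf_field PROTO "$SAMPLE")/$(nf_field SPT "$SAMPLE"): $(classify_nflog "$SAMPLE")"
```

A `pre-snat-output` verdict on a filter/OUTPUT log means the rule matched the internal source because it ran before nat/POSTROUTING, not because SNAT failed.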