Hi all,

I have these rules in place: (VPNDEV = ppp+)

  $IPTABLES -A PREROUTING -t nat -i $VPNDEV -s 10.10.1.0/24 -p udp --sport 137 --dport 137 -j DNAT --to 10.10.0.30
  $IPTABLES -A PREROUTING -t nat -i $VPNDEV -s 10.10.1.0/24 -j LOG --log-prefix "VPNPREPAK "
  $IPTABLES -A INPUT -i $VPNDEV -s 10.10.1.0/24 -j LOG --log-prefix "VPNINPPAK "

Listing them shows:

   32  2550 j_DNAT  udp  --  ppp+  *  10.10.1.0/24  0.0.0.0/0  udp spt:137 dpt:137 to:10.10.0.30
  257 20375 j_LOG   all  --  ppp+  *  10.10.1.0/24  0.0.0.0/0  LOG flags 0 level 4 prefix `VPNPREPAK '

yet I receive these logs and can't find out why it's passing through the DNAT rule??? Doesn't UDP work with DNAT or something???

The DNAT works, but for some reason it still seems to go to the INPUT chain, where it should be going through the FORWARD chain since it's been NATted...

  May 21 16:27:40 firewall kernel: VPNINPPAK IN=ppp5 OUT= MAC= SRC=10.10.1.137 DST=10.10.1.254 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=54277 PROTO=UDP SPT=137 DPT=137 LEN=58
  May 21 16:27:40 firewall kernel: VPNINPPAK IN=ppp17 OUT= MAC= SRC=10.10.1.150 DST=10.10.1.254 LEN=96 TOS=0x00 PREC=0x00 TTL=128 ID=20280 PROTO=UDP SPT=137 DPT=137 LEN=76
  May 21 16:27:41 firewall kernel: VPNINPPAK IN=ppp5 OUT= MAC= SRC=10.10.1.137 DST=10.10.1.254 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=54279 PROTO=UDP SPT=137 DPT=137 LEN=58

Thanks,
____________________________________________
George Vieira
Systems Manager
georgev AT citadelcomputer DOT com DOT au

Citadel Computer Systems Pty Ltd
Phone   : +61 2 9955 2644
HelpDesk: +61 2 9955 2698
http://www.citadelcomputer.com.au
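
Added example, not part of the original post: a small Python parser for the netfilter LOG lines quoted above. It lists packets that satisfy every match of the DNAT rule (ppp interface, source in 10.10.1.0/24, UDP 137 to 137) yet were logged by the INPUT chain with a destination other than 10.10.0.30. The function names are hypothetical; the sample lines are the three from the post.

```python
import ipaddress
import re

# Values taken from the rules quoted in the post.
VPN_NET = ipaddress.ip_network("10.10.1.0/24")
DNAT_TARGET = "10.10.0.30"

# The three kernel log lines from the post.
SAMPLE_LOG = """\
May 21 16:27:40 firewall kernel: VPNINPPAK IN=ppp5 OUT= MAC= SRC=10.10.1.137 DST=10.10.1.254 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=54277 PROTO=UDP SPT=137 DPT=137 LEN=58
May 21 16:27:40 firewall kernel: VPNINPPAK IN=ppp17 OUT= MAC= SRC=10.10.1.150 DST=10.10.1.254 LEN=96 TOS=0x00 PREC=0x00 TTL=128 ID=20280 PROTO=UDP SPT=137 DPT=137 LEN=76
May 21 16:27:41 firewall kernel: VPNINPPAK IN=ppp5 OUT= MAC= SRC=10.10.1.137 DST=10.10.1.254 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=54279 PROTO=UDP SPT=137 DPT=137 LEN=58
"""

LINE_RE = re.compile(r"kernel: (?P<prefix>\S+) (?P<fields>IN=.*)$")

def parse_line(line):
    """Return (prefix, fields) for a netfilter LOG line, or None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    fields = {}
    for token in m.group("fields").split():
        key, sep, value = token.partition("=")
        if sep and key not in fields:  # first LEN is the IP length, second is UDP
            fields[key] = value
    return m.group("prefix"), fields

def matches_dnat_rule(f):
    """True if the packet meets every match of the DNAT rule in the post."""
    return (f.get("IN", "").startswith("ppp") and "SRC" in f
            and ipaddress.ip_address(f["SRC"]) in VPN_NET
            and f.get("PROTO") == "UDP"
            and f.get("SPT") == "137" and f.get("DPT") == "137")

def untranslated_in_input(log_text, prefix="VPNINPPAK"):
    """INPUT-chain log entries that fit the DNAT rule but kept their DST."""
    hits = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed and parsed[0] == prefix:
            f = parsed[1]
            if matches_dnat_rule(f) and f.get("DST") != DNAT_TARGET:
                hits.append((f["IN"], f["SRC"], f.get("DST")))
    return hits

if __name__ == "__main__":
    for iface, src, dst in untranslated_in_input(SAMPLE_LOG):
        print(f"{iface}: {src} -> {dst} reached INPUT without DNAT")
```
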