Problem: NAT table POSTROUTING chain not capturing some packets...


 



Here are some details...

Masquerading ALL packets that are going out ppp0.
# iptables -t nat -vnL POSTROUTING
Chain POSTROUTING (policy ACCEPT 248 packets, 12728 bytes)
 pkts bytes target     prot opt in     out     source       destination
  638 32633 MASQUERADE all  --  *      ppp0    0.0.0.0/0    0.0.0.0/0
   55  4752 MASQUERADE all  --  *      !ppp0   10.0.0.0/8   0.0.0.0/0

Packets to 65.24.XXX.238 are not masqueraded out ppp0 for some reason?!
# tcpdump -npi ppp0
16:36:32.122893 10.1.0.100.2662 > 65.24.XXX.238.50112: S 824948389:824948389(0) ack 3074025037 win 5 (DF)
16:36:38.166449 10.1.0.100.2662 > 65.24.XXX.238.50112: S 830991959:830991959(0) ack 3074025037 win 5 (DF)
16:36:50.130391 10.1.0.100.2662 > 65.24.XXX.238.50112: S 842955892:842955892(0) ack 3074025037 win 5 (DF)


What the kernel routing cache looks like after witnessing the above tcpdump...
# ip route ls cache | grep 65.24
65.24.XXX.238 via 65.XXX.XXX.4 dev ppp0  src 65.XXX.XXX.2
10.1.0.100 from 65.24.XXX.238 dev ppp1  src 65.XXX.XXX.2

My routing table...
# ip route
10.1.0.100 dev ppp1  proto kernel  scope link  src 10.1.0.1
10.0.0.6 via 10.0.0.6 dev ipsec0
65.XXX.XXX.4 dev ppp0  proto kernel  scope link  src 65.XXX.XXX.2
172.16.50.0/24 dev vmnet8  proto kernel  scope link  src 172.16.50.1
172.16.205.0/24 dev vmnet1  proto kernel  scope link  src 172.16.205.1
10.0.0.0/16 dev eth0  scope link
10.0.0.0/16 dev ipsec0  proto kernel  scope link  src 10.0.0.1
10.1.0.0/16 dev eth0  proto kernel  scope link  src 10.1.0.1
127.0.0.0/8 dev lo  scope link
default via 65.XXX.XXX.4 dev ppp0

The routing policy...
# ip rule
0:      from all lookup local
32766:  from all lookup main
32767:  from all lookup 253


Now the question is how the heck did the packets (see tcpdump) NOT get masqueraded out ppp0?



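Added example, not part of the post above. The packets in the tcpdump carry both the S flag and an ack (they are SYN-ACKs), and the second route-cache line routes traffic from 65.24.XXX.238 to 10.1.0.100 out ppp1, so 10.1.0.100 is answering a connection that was opened from the outside. In netfilter the nat table is traversed only for the first packet of a connection (conntrack state NEW); the binding chosen at that moment is reused for every later packet of the connection, and packets in the reply direction never re-enter the nat chains. The script below models exactly that rule and replays it over the post's POSTROUTING entries and tcpdump lines, plus an assumed inbound SYN that the post does not show (its timestamp and sequence number are made up), and contrasts it with the counterfactual where 10.1.0.100 opens the connection itself. The conntrack model, the `NatModel` class and the helper names are this example's own, not netfilter code; on the real box the check is the flow's entry in /proc/net/ip_conntrack (or `conntrack -L` on later kernels).

```python
"""Model of netfilter's first-packet NAT decision, replayed over the post's data.

The nat table is consulted once per connection (state NEW); the outcome is bound
to the conntrack entry and reply-direction packets skip the nat chains entirely.
This is a simplified model written for this example, not netfilter's own code.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# The two POSTROUTING nat rules from the post: (out-interface match, source prefix).
# Both target MASQUERADE.
POSTROUTING_NAT = [("ppp0", "0.0.0.0/0"), ("!ppp0", "10.0.0.0/8")]

# Addresses MASQUERADE substitutes, taken from the 'src' of the post's ppp0/ppp1 routes.
IFACE_ADDR = {"ppp0": "65.XXX.XXX.2", "ppp1": "10.1.0.1"}

# The post's three tcpdump lines, re-joined onto one line each (constructed sample).
TCPDUMP_PPP0 = [
    "16:36:32.122893 10.1.0.100.2662 > 65.24.XXX.238.50112: S 824948389:824948389(0) ack 3074025037 win 5 (DF)",
    "16:36:38.166449 10.1.0.100.2662 > 65.24.XXX.238.50112: S 830991959:830991959(0) ack 3074025037 win 5 (DF)",
    "16:36:50.130391 10.1.0.100.2662 > 65.24.XXX.238.50112: S 842955892:842955892(0) ack 3074025037 win 5 (DF)",
]

# ASSUMED: the inbound SYN these SYN-ACKs answer. The post does not show it; it is
# inferred from the 'ack' flag and from the route-cache entry that sends
# 65.24.XXX.238 -> 10.1.0.100 out ppp1. Timestamp and sequence number are invented.
INBOUND_SYN = "16:36:32.100000 65.24.XXX.238.50112 > 10.1.0.100.2662: S 3074025036:3074025036(0) win 5840 (DF)"

LINE_RE = re.compile(
    r"^\S+\s+(?P<src>\S+)\.(?P<sport>\d+) > (?P<dst>\S+)\.(?P<dport>\d+): "
    r"(?P<flags>[SFRP.]+) (?P<rest>.*)$")

FourTuple = Tuple[str, int, str, int]


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool
    ack: bool
    out_dev: str  # interface chosen by routing (taken from the post's route cache)


def parse_tcpdump(line: str, out_dev: str) -> Packet:
    """Parse one tcpdump 3.x style TCP line into a Packet."""
    m = LINE_RE.match(line)
    if not m:
        raise ValueError(f"unrecognised tcpdump line: {line!r}")
    return Packet(m["src"], int(m["sport"]), m["dst"], int(m["dport"]),
                  syn="S" in m["flags"],
                  ack=re.search(r"\back \d+", m["rest"]) is not None,
                  out_dev=out_dev)


def tcp_kind(p: Packet) -> str:
    if p.syn and p.ack:
        return "SYN-ACK"
    return "SYN" if p.syn else "other"


def iface_match(dev: str, spec: str) -> bool:
    """iptables -o match, including the '!ppp0' negation form."""
    return dev != spec[1:] if spec.startswith("!") else dev == spec


def in_prefix(addr: str, prefix: str) -> bool:
    """Octet-aligned prefix test (the post only uses /0 and /8); a redacted 'XXX'
    octet never matches."""
    net, plen = prefix.split("/")
    n = int(plen) // 8
    head = addr.split(".")[:n]
    return "XXX" not in head and head == net.split(".")[:n]


@dataclass
class ConnEntry:
    orig: FourTuple            # src, sport, dst, dport of the first packet
    reply: FourTuple           # tuple a reply is expected to carry on the wire
    snat: Optional[str]        # address MASQUERADE bound to this connection, if any


class NatModel:
    def __init__(self, rules, iface_addr):
        self.rules, self.iface_addr = rules, iface_addr
        self.entries: List[ConnEntry] = []

    def postrouting(self, p: Packet) -> Tuple[str, str]:
        """Return (conntrack state, source address the packet leaves with)."""
        t: FourTuple = (p.src, p.sport, p.dst, p.dport)
        for e in self.entries:
            if t == e.orig:                     # later packet, original direction
                return "ESTABLISHED", e.snat or p.src
            if t == e.reply:                    # reply direction: nat table skipped
                return "ESTABLISHED/reply", p.src
        # First packet of a connection: the only time the nat chain is walked.
        snat = None
        for dev_spec, src_prefix in self.rules:
            if iface_match(p.out_dev, dev_spec) and in_prefix(p.src, src_prefix):
                snat = self.iface_addr[p.out_dev]
                break
        wire_src = snat or p.src
        self.entries.append(ConnEntry(orig=t, reply=(p.dst, p.dport, wire_src, p.sport), snat=snat))
        return "NEW", wire_src


def replay_post() -> List[Tuple[str, str, str]]:
    """Assumed inbound SYN (routed out ppp1), then the three SYN-ACKs seen on ppp0.
    Returns (tcp kind, conntrack state, source on the wire) for each packet."""
    model = NatModel(POSTROUTING_NAT, IFACE_ADDR)
    pkts = [parse_tcpdump(INBOUND_SYN, out_dev="ppp1")]
    pkts += [parse_tcpdump(line, out_dev="ppp0") for line in TCPDUMP_PPP0]
    return [(tcp_kind(p),) + model.postrouting(p) for p in pkts]


def replay_outbound_origin() -> Tuple[str, str, str]:
    """Counterfactual: 10.1.0.100 opens the connection itself out ppp0."""
    model = NatModel(POSTROUTING_NAT, IFACE_ADDR)
    syn = Packet("10.1.0.100", 2662, "65.24.XXX.238", 50112, syn=True, ack=False, out_dev="ppp0")
    return (tcp_kind(syn),) + model.postrouting(syn)


if __name__ == "__main__":
    for row in replay_post():
        print(*row)
    print(*replay_outbound_origin())
```

The replay leaves the three SYN-ACKs with source 10.1.0.100 on ppp0 even though the first POSTROUTING rule matches them on interface and address, because by the time they reach POSTROUTING they belong to a connection whose NAT decision (none) was already taken on the inbound SYN; the counterfactual SYN from the same host out the same interface is NEW and is masqueraded to 65.XXX.XXX.2.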


