Re: Bug/Problem with DNAT on OUTPUT chain (-t nat -A OUTPUT) that breaks routing? (fwd)

Evan Harris wrote:

Ok, I've upgraded to kernel 2.4.22, and the same behaviour is being
exhibited.

To recap the problem:

Packets being nat'd on the OUTPUT chain of a machine are still being sent on
the same interface they would have without the nat, and ignoring the route
that aims them to the right iface for that dest addr.

Evan




I haven't seen the rest of this thread, so I may have missed something, but why are you doing DNAT on the nat OUTPUT chain? DNAT is usually done on the nat PREROUTING chain and SNAT on the POSTROUTING chain. Anything done in filter OUTPUT, mangle POSTROUTING, or nat POSTROUTING could change the direction of your packets before they leave your host.


Jeff



