SNAT and Tunnels

Kernel V2.4.26
Iptables V1.2.9

SNAT does not work for the tun devices.

Seems to work fine for the eth devices as expected.

Any suggestions or reasons why this does not function?

Regards

/Steve



Configuration

# Generated by iptables-save v1.2.9 on Wed Jun 30 23:51:45 2004
*mangle
:PREROUTING ACCEPT 
:INPUT ACCEPT 
:FORWARD ACCEPT 
:OUTPUT ACCEPT 
:POSTROUTING ACCEPT 
-A POSTROUTING -d 10.3.0.1/255.255.255.255 -m nth --every 2 --packet 0 -j ROUTE --oif tun1
-A POSTROUTING -d 10.3.0.1/255.255.255.255 -m nth --every 2 --packet 1 -j ROUTE --oif tun2
-A POSTROUTING -d 192.168.2.210/255.255.255.255 -m nth --every 2 --packet 0 -j ROUTE --oif tun1
-A POSTROUTING -d 192.168.2.210/255.255.255.255 -m nth --every 2 --packet 1 -j ROUTE --oif tun2
COMMIT
# Generated by iptables-save v1.2.9 on Mon Jul  5 19:36:55 2004
*nat
:PREROUTING ACCEPT 
:POSTROUTING ACCEPT [5:277]
:OUTPUT ACCEPT [17:1317]
-A POSTROUTING -o tun1 -j SNAT --to-source 10.3.0.2
-A POSTROUTING -o tun2 -j SNAT --to-source 10.3.0.2
-A POSTROUTING -o eth1 -j SNAT --to-source 192.168.253.1
-A POSTROUTING -o eth2 -j SNAT --to-source 192.168.252.1
COMMIT
# Completed on Mon Jul  5 19:36:55 2004
# Generated by iptables-save v1.2.9 on Mon Jul  5 19:36:55 2004
*filter
:INPUT ACCEPT [1:52]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [426:60155]
-A INPUT -i tun+ -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth2 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p icmp -m icmp --icmp-type 8 -m limit --limit 1/sec -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth0 -p tcp -m limit --limit 1/sec -m tcp --dport 0:1024 -j LOG --log-prefix "tcp connection: "
-A INPUT -i eth0 -p udp -m limit --limit 1/sec -m udp --dport 0:1024 -j LOG --log-prefix "udp connection: "
-A INPUT -i eth0 -p tcp -m tcp -j DROP
-A INPUT -i eth0 -p udp -m udp -j DROP
-A FORWARD -i tun+ -j ACCEPT
-A FORWARD -i eth1 -j ACCEPT
-A FORWARD -i eth2 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o tun+ -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -p icmp -m state --state NEW -j ACCEPT
COMMIT
# Completed on Mon Jul  5 19:36:55 2004
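As an added diagnostic (not part of Steve's post): a Python script that parses an iptables-save dump, rejoining rule lines that a mail client wrapped, and lists for each output interface the SNAT source from nat/POSTROUTING and whether that interface is also the target of a mangle/POSTROUTING ROUTE --oif rule, so the two rule sets can be compared against the live counters. The embedded sample dump is constructed from the configuration above.

```python
"""Cross-check an iptables-save dump: SNAT per output interface in nat/POSTROUTING
versus interfaces selected by ROUTE --oif in mangle/POSTROUTING."""
import shlex

# Constructed sample, trimmed from the post's dump and still mail-wrapped.
SAMPLE = """\
*mangle
:POSTROUTING ACCEPT
-A POSTROUTING -d 10.3.0.1/255.255.255.255 -m nth --every 2 --packet 0
-j ROUTE --oif tun1
-A POSTROUTING -d 10.3.0.1/255.255.255.255 -m nth --every 2 --packet 1
-j ROUTE --oif tun2
COMMIT
*nat
:POSTROUTING ACCEPT [5:277]
-A POSTROUTING -o tun1 -j SNAT --to-source 10.3.0.2
-A POSTROUTING -o tun2 -j SNAT --to-source 10.3.0.2
-A POSTROUTING -o eth1 -j SNAT --to-source 192.168.253.1
COMMIT
"""

def parse_dump(text):
    """Return {table: [(chain, tokens)]}; lines not starting a rule are continuations."""
    tables, rules = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line.startswith(":") or line == "COMMIT":
            continue
        if line.startswith("*"):
            rules = tables.setdefault(line[1:], [])
        elif line.startswith("-A ") or line.startswith("-I "):
            tokens = shlex.split(line)
            rules.append((tokens[1], tokens[2:]))
        elif rules:  # wrapped remainder of the previous rule
            chain, tokens = rules[-1]
            rules[-1] = (chain, tokens + shlex.split(line))
    return tables

def _opt(tokens, flag):
    """Value that follows flag in tokens, or None if absent."""
    for i, tok in enumerate(tokens[:-1]):
        if tok == flag:
            return tokens[i + 1]
    return None

def snat_report(text):
    """Return ({out_iface: snat_source}, sorted interfaces chosen by ROUTE --oif)."""
    tables = parse_dump(text)
    snat = {_opt(t, "-o"): _opt(t, "--to-source")
            for c, t in tables.get("nat", []) if c == "POSTROUTING" and _opt(t, "-j") == "SNAT"}
    routed = {_opt(t, "--oif") for c, t in tables.get("mangle", [])
              if c == "POSTROUTING" and _opt(t, "-j") == "ROUTE" and _opt(t, "--oif")}
    return snat, sorted(routed)

if __name__ == "__main__":
    snat, routed = snat_report(SAMPLE)
    for iface, src in snat.items():
        note = " (also selected by mangle ROUTE --oif)" if iface in routed else ""
        print(f"{iface}: SNAT --to-source {src}{note}")
```

Interfaces flagged with the note are the ones whose nat/POSTROUTING counters (iptables -t nat -L POSTROUTING -v -n) are worth comparing against the mangle ROUTE rule counters.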