Problem or not on SNAT and Forwarding Rules

Hi all,

 

I’m currently experiencing some problems with SNAT, and I think I made a bad configuration that causes this problem.

 

We have the following situation:

 

            MYCLIENT → MYFIREWALL → CUSTOMERFIREWALL → CLIENT-CUSTOMER

 

MyClient IP address is: 192.168.1.12

MyClient IP address is source NATed to: 172.19.93.101

Client-Customer IP address is: 172.19.92.100

 

I have implemented the following rules:

 

            iptables -t nat -A POSTROUTING -s 192.168.1.12 -d 172.19.92.0/255.255.255.0 -p tcp -m tcp -j SNAT --to-source 172.19.93.101

            iptables -A TBTSNAT -s 172.19.92.100 -d 192.168.1.12 -i eth0 -o eth1 -p tcp -m tcp --sport 10040 --dport 1023:65535 -j ACCEPT

            iptables -A FORWARD -j TBTSNAT

 

I think it should be the following, because SNAT occurs after the forwarding rules:

            iptables -t nat -A POSTROUTING -s 192.168.1.12 -d 172.19.92.0/255.255.255.0 -p tcp -m tcp -j SNAT --to-source 172.19.93.101

            iptables -A TBTSNAT -s 172.19.92.100 -d 172.19.93.101 -i eth0 -o eth1 -p tcp -m tcp --sport 10040 --dport 1023:65535 -j ACCEPT

            iptables -A FORWARD -j TBTSNAT

 

Am I wrong?

 

Thank you for your help,

 

Best regards

 

Farid IZEM

Unix Systems Engineer

Société ABX Logistics France

48-50, route principale du port

92232 Gennevilliers

Tel.: 01-41-47-61-78

Email : farid.izem@xxxxxxxxxxxxxxx
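
Added example, not part of the original post: a small Python model of the netfilter hook order for this setup (nat PREROUTING, then filter FORWARD, then nat POSTROUTING), showing which destination address the TBTSNAT rule sees on reply packets. The addresses and port 10040 come from the post; the client source port 40000 and the simplified conntrack table (port-preserving SNAT) are assumptions.

```python
# Added model of netfilter hook order for a forwarded, SNATed TCP connection.
# Addresses and ports come from the post; the client source port is constructed.
from dataclasses import dataclass, replace

CLIENT, SNAT_IP, PEER = "192.168.1.12", "172.19.93.101", "172.19.92.100"

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int

def forward_view(pkt, conntrack):
    """Return the packet as the filter FORWARD chain sees it.

    nat PREROUTING runs before FORWARD: a reply that matches a tracked
    SNAT mapping has its destination rewritten back to the original source.
    """
    original_src = conntrack.get((pkt.src, pkt.sport, pkt.dst, pkt.dport))
    return replace(pkt, dst=original_src) if original_src else pkt

def postrouting_snat(pkt, conntrack):
    """nat POSTROUTING runs after FORWARD: apply the SNAT rule from the post
    and record the mapping so replies can be translated back."""
    if pkt.src == CLIENT and pkt.dst.startswith("172.19.92."):
        conntrack[(pkt.dst, pkt.dport, SNAT_IP, pkt.sport)] = CLIENT
        return replace(pkt, src=SNAT_IP)
    return pkt

def tbtsnat_accepts(pkt, rule_dst):
    """The TBTSNAT ACCEPT rule from the post, parameterised on its -d address."""
    return (pkt.src == PEER and pkt.dst == rule_dst
            and pkt.sport == 10040 and 1023 <= pkt.dport <= 65535)

def simulate():
    conntrack = {}
    out = Packet(CLIENT, PEER, 40000, 10040)         # constructed source port
    seen_out = forward_view(out, conntrack)          # FORWARD sees pre-SNAT source
    on_wire = postrouting_snat(seen_out, conntrack)
    reply = Packet(PEER, on_wire.src, 10040, 40000)  # peer answers the SNAT address
    seen_reply = forward_view(reply, conntrack)
    return on_wire, seen_reply

if __name__ == "__main__":
    on_wire, seen_reply = simulate()
    print("on the wire:", on_wire)
    print("reply in FORWARD:", seen_reply)
    for d in (CLIENT, SNAT_IP):
        print(f"-d {d}:", "ACCEPT" if tbtsnat_accepts(seen_reply, d) else "no match")
```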

 

