Re: SNAT issue for locally generated UDP packet


 



Hi Sietse,
I tried a one-to-one mapping before this one-to-many iptables rule. I don't see any effect of this iptables config on the packet. I even tried MASQ without an IP address on eth1, without any success. Anyway, thanks for the help. I appreciate it.
Cheers
..baski

Sietse van Zanen wrote:
Hi,

I think that your rule does not make sense:
iptables -t nat -A POSTROUTING --protocol udp --source-port 5060 -j SNAT --to-source 5.5.5.7:1024-32000

You are trying to NAT a single port (5060) onto a range of ports (1024-32000). This will not work. NAT should be a many-many or single-single relationship. When many-many, ranges should be exactly the same size. It should be more like:

iptables -t nat -A POSTROUTING --protocol udp --source-port 5060 -j SNAT --to-source 5.5.5.7:1024

Cheers,

Sietse


________________________________

From: netfilter-bounces@xxxxxxxxxxxxxxxxxxx on behalf of Baskaran Mohandass
Sent: Tue 14/06/2005 22:01
To: netfilter@xxxxxxxxxxxxxxxxxxx
Subject: SNAT issue for locally generated UDP packet


Hi all,

I am trying to source NAT a locally generated packet using iptables. The machine is running Fedora Core 2 and one of the interface addresses is 5.5.5.7. The SIP server sends a packet with source port 5060 and IP address 5.5.5.7. I want to change the IP address and the source port when it goes out. Reading the iptables manual, the only rule I can think of is:

iptables -t nat -A POSTROUTING --protocol udp --source-port 5060 -j SNAT --to-source 5.5.5.7:1024-32000

[root@sipserver2 ~]# uname -a
Linux sipserver2.baski.com 2.6.9-1.667 #1 Tue Nov 2 14:41:25 EST 2004 i686 i686 i386 GNU/Linux

Unfortunately it does not work. iptables also says that locally generated packets are modified in the OUTPUT chain and there is no NAT capability in there. I went through all the messages in the archive for SNAT and OUTPUT, so I would really appreciate any help on this. If there is any patch available for this, I am ready to try.

Thanks and Regards
..baski
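
A diagnostic for the symptom reported in this thread (the SNAT rule has no visible effect), added here as an example and not part of any poster's message: it reads `iptables-save -c` output and reports the packet counter of each SNAT rule in the nat table's POSTROUTING chain. Because the nat table is consulted only for the first packet of a connection-tracked flow, a counter that stays at zero while SIP traffic is leaving means the rule was never selected for a new flow. The function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. On a live host (as root):
#   iptables-save -c | snat_rule_hits

# Constructed sample in iptables-save -c format (not captured from the poster's host).
sample_ruleset() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [41:2952]
:OUTPUT ACCEPT [41:2952]
[0:0] -A POSTROUTING -p udp -m udp --sport 5060 -j SNAT --to-source 5.5.5.7:1024-32000
[7:532] -A POSTROUTING -o eth1 -j SNAT --to-source 5.5.5.7
COMMIT
*filter
:INPUT ACCEPT [0:0]
[9:700] -A INPUT -p udp -m udp --dport 5060 -j ACCEPT
COMMIT
EOF
}

# Print "<packets><TAB><rule>" for every SNAT rule in nat/POSTROUTING.
snat_rule_hits() {
    awk '
        # Table header lines look like "*nat" or "*filter".
        /^\*/ { table = substr($0, 2); next }
        table != "nat" { next }
        # Rule lines carry a counter prefix: [packets:bytes] -A CHAIN ...
        /^\[[0-9]+:[0-9]+\] -A POSTROUTING / && / -j SNAT / {
            split(substr($1, 2), c, ":")
            rule = $0
            sub(/^\[[0-9]+:[0-9]+\] /, "", rule)
            printf "%d\t%s\n", c[1], rule
        }
    '
}

# Print only the SNAT rules whose packet counter is still zero.
unmatched_snat_rules() {
    snat_rule_hits | awk -F '\t' '$1 == 0 { print $2 }'
}

sample_ruleset | snat_rule_hits
```
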




