problems with SNAT


 



Hello


We have a LAN with IPs in a private range.
The problem is described in the following picture:

  ----------      ----------
  |  PC2   |------|   R2   |
  ----------      ----------
                      |
                      |
                  ----------        ----------
                  |   R1   |--------|  PC1   |
                  ----------        ----------
                      |
                  ----------
                  |  ISP   |
                  ----------

R1 - router 1, Linux
R2 - router 2, MS Windows 2000
PC1 - pc 1, MS Windows XP
PC1 - pc 1, MS Windows 2000

When I try to set SNAT on R1 for PC1
 # iptables -t nat -A POSTROUTING -s $pc1 -j SNAT --to-source $ip_to_isp
it works,

but when I try to set SNAT for PC2
 # iptables -t nat -A POSTROUTING -s $pc2 -j SNAT --to-source $ip_to_isp
it fails.

 tcpdump -nl -i $ISP_eth
shows that R1 forwards packets from PC2 to the outside world without NATing them,
and at the same time packets from PC1 are NATed.

When I ran
 # iptables -t filter -A FORWARD -s $pc2 -j DROP
it works; packets from PC2 are not going outside anymore.

I have tried to do SNAT with the firewall rules flushed and policies set to ACCEPT;
the problem appeared again.

Thanks in advance

