I have an FC5 (2.6.16.13-xen kernel) box with 2 interfaces: eth0 is 192.168.1.221 (external network) eth1 is 192.168.10.1 (internal network) I've got to nat traffic through this box from host 192.168.10.2 to host 192.168.1.12. So I enabled ip forwarding and source nat on the multi-homed box: # sysctl -w net.ipv4.ip_forward=1 # iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 192.168.1.221 That didn't work; the packets were indeed forwarded but their source address was unchanged (still 192.168.10.2): # tcpdump -n -i eth0 18:14:12.425317 IP 192.168.10.2 > 192.168.1.12: ICMP echo request, id 2617, seq 9, length 64 I also tried plain old Masquerading: # iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE This also does not change the packets' source address, but it does forward them from eth1 to eth0 again. This similar command has a different but still incorrect effect: # iptables -t nat -A POSTROUTING -j MASQUERADE It changes the source address of the packets on eth1 but of course does not forward them to eth0. Nothing seems to work. Packets are either forwarded but without new source IPs or they get new source IPs but aren't forwarded. My filter table is wide open (no rules). The same kernel can do SNAT just fine using Debian. I'm starting to think FC5 is missing something. However, I seem to have the following modules, which appear sufficient to me: # lsmod | grep ip ipt_MASQUERADE 3776 0 iptable_filter 3104 1 iptable_nat 8836 1 ip_nat 18092 2 ipt_MASQUERADE,iptable_nat ip_conntrack 55800 4 xt_state,ipt_MASQUERADE,iptable_nat,ip_nat nfnetlink 6520 2 ip_nat,ip_conntrack ip_tables 13636 2 iptable_filter,iptable_nat x_tables 13188 6 xt_state,ipt_MASQUERADE,xt_tcpudp,xt_physdev,iptable_nat,ip_tables ipv6 269056 14 Any ideas on how to proceed with troubleshooting this? Thanks, Steve Brueckner, ATC-NY
