Hi there.

Background:

Clients(10.10.0.0/16) <-> Router(br0:10.10.100.1, eth0:192.168.1.1) <-> Servers(192.168.1.0/25)
Server2: 192.168.1.3

NAT rule on Router:

# WWW-services on Server2
iptables -t nat -A PREROUTING -i br0 -d 192.168.1.130 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.3:80

Some time ago, when the Router kernel was 2.6.8, doing tcpdump -i br0 I was able to see DNAT'ed traffic like it was seen by clients, e.g. 10.10.102.139:* <-> 192.168.1.130:80.

Now the router runs 2.6.18, the iptables rules did not change, and the picture I see is:

#tcpdump -i br0 -n net 192.168.1.0/24
13:15:32.922055 IP 10.10.102.139.1075 > 192.168.1.3.80: S 401022809:401022809(0) win 65535 <mss 1460,nop,nop,sackOK>
13:15:32.922350 IP 192.168.1.130.80 > 10.10.102.139.1075: S 796867770:796867770(0) ack 401022810 win 5840 <mss 1460,nop,nop,sackOK>
13:15:32.922558 IP 10.10.102.139.1075 > 192.168.1.3.80: . ack 796867771 win 65535
13:15:32.927802 IP 10.10.102.139.1075 > 192.168.1.3.80: P 0:469(469) ack 1 win 65535
13:15:32.928234 IP 192.168.1.130.80 > 10.10.102.139.1075: . ack 470 win 6432
13:15:33.176471 IP 192.168.1.130.80 > 10.10.102.139.1075: . 1:1461(1460) ack 470 win 6432
13:15:33.176534 IP 192.168.1.130.80 > 10.10.102.139.1075: . 1461:2921(1460) ack 470 win 6432

So it seems like in 2.6.8 tcpdump captured packets before DNAT and after un-DNAT, but in 2.6.18 tcpdump captures AFTER DNAT, and after un-DNAT.

Can someone confirm my thoughts?

-- 
Покотиленко Костик <casper@xxxxxxxxxxxx>
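
Added example, not part of the original post: a small Python check that classifies each line of the capture above against the DNAT rule, so it is explicit which side of the address rewrite tcpdump observed in each direction. The function names and the constructed 2.6.8-style line are assumptions made for illustration.

```python
import re
from collections import Counter

# DNAT rule from the post: 192.168.1.130:80 is rewritten to 192.168.1.3:80.
VIP, REAL = ("192.168.1.130", 80), ("192.168.1.3", 80)

# The seven packets from the post's 2.6.18 capture on br0 (TCP options trimmed).
CAPTURE_2_6_18 = """\
13:15:32.922055 IP 10.10.102.139.1075 > 192.168.1.3.80: S 401022809:401022809(0) win 65535
13:15:32.922350 IP 192.168.1.130.80 > 10.10.102.139.1075: S 796867770:796867770(0) ack 401022810 win 5840
13:15:32.922558 IP 10.10.102.139.1075 > 192.168.1.3.80: . ack 796867771 win 65535
13:15:32.927802 IP 10.10.102.139.1075 > 192.168.1.3.80: P 0:469(469) ack 1 win 65535
13:15:32.928234 IP 192.168.1.130.80 > 10.10.102.139.1075: . ack 470 win 6432
13:15:33.176471 IP 192.168.1.130.80 > 10.10.102.139.1075: . 1:1461(1460) ack 470 win 6432
13:15:33.176534 IP 192.168.1.130.80 > 10.10.102.139.1075: . 1461:2921(1460) ack 470 win 6432
"""

# Constructed line (not from the post): the same SYN as the poster describes
# seeing on 2.6.8, i.e. still addressed to the original destination.
CONSTRUCTED_2_6_8_SYN = "13:15:32.922055 IP 10.10.102.139.1075 > 192.168.1.130.80: S 401022809:401022809(0) win 65535"

ENDPOINTS = re.compile(r"^\S+ IP (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+):")

def classify(line):
    """Say which side of the NAT rewrite a tcpdump line was captured on."""
    m = ENDPOINTS.match(line.strip())
    if not m:
        return None
    src, dst = (m[1], int(m[2])), (m[3], int(m[4]))
    if dst == VIP:
        return "request before DNAT"
    if dst == REAL:
        return "request after DNAT"
    if src == VIP:
        return "reply after un-DNAT"
    if src == REAL:
        return "reply before un-DNAT"
    return "unrelated"

def summarize(capture):
    """Count packets per classification, skipping lines that do not parse."""
    return Counter(c for c in map(classify, capture.splitlines()) if c)

def seen_after_both_rewrites(counts):
    """True when every request shows the rewritten destination and every reply the restored source."""
    return (counts["request after DNAT"] > 0 and counts["request before DNAT"] == 0
            and counts["reply after un-DNAT"] > 0 and counts["reply before un-DNAT"] == 0)

if __name__ == "__main__":
    counts = summarize(CAPTURE_2_6_18)
    print(dict(counts), "after both rewrites:", seen_after_both_rewrites(counts))
```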