Re: Sometimes SNAT is not working

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello,

Manish Jain a écrit :

I am using some internal IPs (169.254.x.x) on my box and then performing
SNAT and DNAT from/to this IP to/from actual public IP.

Note : you should consider using an address range other that 169.254.0.0/16 which is reserved for non routable link local communications (see RFC 3330). You could use a private address range in 10.0.0.0/8, 172.16.0.0/12 or 192.168.0.0/16 (see RFC 1918) instead.

It has been observed that sometimes SNAT does not work and internal IP
exposed to outside world.

Please share your experiences. Whether it has to do with connection
tracking in some way or other?

Probably. NAT does not work on packets in the INVALID or NOTRACK state.



[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux