Hello, Manish Jain a écrit :
I am using some internal IPs (169.254.x.x) on my box and then performing SNAT and DNAT from/to this IP to/from actual public IP.
Note : you should consider using an address range other that 169.254.0.0/16 which is reserved for non routable link local communications (see RFC 3330). You could use a private address range in 10.0.0.0/8, 172.16.0.0/12 or 192.168.0.0/16 (see RFC 1918) instead.
It has been observed that sometimes SNAT does not work and internal IP exposed to outside world. Please share your experiences. Whether it has to do with connection tracking in some way or other?
Probably. NAT does not work on packets in the INVALID or NOTRACK state.
