DNAT and ICMP

Hi,
I am working with SNAT and DNAT rules.

When I send a packet {[IP1]} out, it goes through the SNAT rules and the
source field in the IP header gets changed.
Now if there is an ICMP response { [IP2][ICMP][IP1] } for this packet,
it goes through the DNAT rules. IP2 gets DNATted, but the IP header (IP1)
inside the ICMP packet also gets DNATted.

src {SNAT(169.254.1.1) = 10.10.10.10} ----------> dst {10.10.10.11}
ICMP comes from dst.
dst {10.10.10.11} -------------------------> src {DNAT(10.10.10.10) = 169.254.1.1}
The IP packet inside the ICMP header should have
src = 10.10.10.10 and dst = 10.10.10.11, but it shows src = 169.254.1.1
and dst = 10.10.10.11.

This means that for ICMP responses both IP headers (the main IP header and the one
inside the ICMP packet) are going through DNAT.

Is it the connection tracking, or is there special handling done in the kernel?


-- 
Thanks
Pankaj Jain
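
Added example, not part of the original post: a Python model of the rewrite described above, in which undoing the SNAT mapping on an ICMP error changes both the outer destination and the source address of the quoted IP header, with every checksum refreshed. The packet is constructed from the addresses in the post; the function names, the UDP ports and the port-unreachable type are assumptions.

```python
import socket
import struct

def csum(data: bytes) -> int:
    """RFC 1071 Internet checksum (returns 0 when run over data holding a valid checksum)."""
    if len(data) % 2:
        data += b"\x00"
    s = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def with_csum(buf: bytes, off: int) -> bytes:
    """Zero the 16-bit checksum field at off, recompute it, and write it back."""
    buf = buf[:off] + b"\x00\x00" + buf[off + 2:]
    return buf[:off] + struct.pack("!H", csum(buf)) + buf[off + 2:]

def ip_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header (no options)."""
    h = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                    socket.inet_aton(src), socket.inet_aton(dst))
    return with_csum(h, 10)

def set_addr(hdr: bytes, off: int, addr: str) -> bytes:
    """Rewrite the address at off (12 = src, 16 = dst) in a 20-byte header."""
    return with_csum(hdr[:off] + socket.inet_aton(addr) + hdr[off + 4:], 10)

def un_nat_icmp_error(pkt: bytes, nat_ip: str, orig_ip: str) -> bytes:
    """Undo an SNAT mapping on an ICMP error: outer dst and embedded src."""
    outer, icmp = pkt[:20], pkt[20:]
    inner = icmp[8:28]          # quoted header of the packet that caused the error
    nat = socket.inet_aton(nat_ip)
    if outer[16:20] == nat:
        outer = set_addr(outer, 16, orig_ip)
    if inner[12:16] == nat:
        inner = set_addr(inner, 12, orig_ip)
    # The ICMP checksum covers the quoted header, so it must be refreshed too.
    return outer + with_csum(icmp[:8] + inner + icmp[28:], 2)

def addrs(hdr: bytes) -> tuple:
    """(src, dst) of an IPv4 header as dotted strings."""
    return socket.inet_ntoa(hdr[12:16]), socket.inet_ntoa(hdr[16:20])

# Constructed sample: port-unreachable from 10.10.10.11 quoting the SNATted UDP packet.
quoted = ip_header("10.10.10.10", "10.10.10.11", 17, 8) + struct.pack("!4H", 40000, 9, 8, 0)
icmp_err = with_csum(struct.pack("!BBHI", 3, 3, 0, 0) + quoted, 2)
SAMPLE = ip_header("10.10.10.11", "10.10.10.10", 1, len(icmp_err)) + icmp_err
TRANSLATED = un_nat_icmp_error(SAMPLE, "10.10.10.10", "169.254.1.1")
print("outer:", addrs(TRANSLATED[:20]), "embedded:", addrs(TRANSLATED[28:48]))
```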
