Re: NAT for multiple non-directly connected subnets

On 09/11/2007, Bradley Kite <bradley.kite@xxxxxxxxx> wrote:
> On 08/11/2007, Bradley Kite <bradley.kite@xxxxxxxxx> wrote:
> > On 08/11/2007, Matt Zagrabelny <mzagrabe@xxxxxxxxx> wrote:
> > >
> > > On Thu, 2007-11-08 at 22:17 +0000, Bradley Kite wrote:
> > > > On 08/11/2007, Matt Zagrabelny <mzagrabe@xxxxxxxxx> wrote:
> > >
> [snip]
> >
> > I tried this with the same results I'm afraid. If I cannot get this
> > working then I'll have to make the upstream router do NAT too so that
> > the entire network is seen from the address of the up-stream router -
> > as Linux is NATing that address without problems.
> >
> > Or maybe I'll try a kernel upgrade to see if that makes any difference.
>
> Hmm. I've tried also with the latest kernel (2.6.23) but I still have
> the same problem.
>
> Has anybody else managed to get something like this working before?
>

Just in case anybody else has this problem, I have found the solution
so thought I would share:

I am actually running a virtual network within my Linux machine for
testing/studying. This means that as packets leave the various routers
within my virtual network, they are seen by iptables because of
the bridges I have set up to connect the virtual routers.

The connection tracking needs to be turned off on the bridges in order
to make this work:

iptables --table raw -A PREROUTING -i [BRIDGE] -j NOTRACK

This then allows the packet to correctly enter the POSTROUTING table
once it eventually gets to the NAT interface on the same Linux device.

Hopefully somebody else will find this useful.
--
Brad.
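
Added example, not part of the original post: a dry-run script that generates the NOTRACK rule above for every bridge on the host, so that no bridge connecting the virtual routers is missed. It assumes bridges are identified by a `bridge` subdirectory under `/sys/class/net` and that the installed iptables supports `-C`; the `SYSFS_NET` and `APPLY` variables and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): emit the post's NOTRACK rule
# for every bridge device. Nothing is changed unless APPLY=1 is set.

# Directory listing network devices; overridable so the logic can be
# exercised against a constructed directory tree.
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"

# Print the name of every device that has a "bridge" subdirectory
# (assumption: this is how sysfs marks a Linux bridge device).
list_bridges() {
    for dev in "$1"/*; do
        [ -d "$dev/bridge" ] && basename "$dev"
    done
    return 0
}

# Print one idempotent command per bridge: -C checks whether the rule is
# already present, -A appends it only when it is not, so re-running the
# script does not stack duplicate rules in the raw table.
notrack_rules() {
    list_bridges "$1" | while read -r br; do
        rule="PREROUTING -i $br -j NOTRACK"
        echo "iptables -t raw -C $rule 2>/dev/null || iptables -t raw -A $rule"
    done
}

# Dry run by default; APPLY=1 (run as root) executes the generated commands.
main() {
    if [ "${APPLY:-0}" = "1" ]; then
        notrack_rules "$SYSFS_NET" | sh
    else
        notrack_rules "$SYSFS_NET"
    fi
}

main "$@"
```

Afterwards, `iptables -t raw -L PREROUTING -v -n` shows the rules and their packet counters, which confirms that bridged traffic is matching them.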