Re: IP forwarding with MASQUERADE

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

>
> Am I correct in presuming that "mail1.telia.com" is 10.0.0.1?
>

Yes.  I get the same result no matter what ip address I use.



>
> I believe the connections that connection tracking is keeping track of are
> listed somewhere in /proc, but I don't know where off hand.

Should the file /proc/net/ip_masquerade exist?
I found some reference to it on the web but there does not seem to be
such a file when I grep the source code.
Are there any other files I can look at?
/proc/net/ip_conntrack or /proc/net/nf_conntrack for example

>> Can the combination of iptables v1.3.8 and linux kernel v2.6.25 be out of
>> synch or corrupted?
>
> I would not think.  Usually if you have a mis-match between the iptables
> binary and the kernel you will get an error indicating such, not a weird
> mis-behavior like you are seeing.

Can netfilter be broken in 2.6.25?  Has anything changed in the
netfilter kernel code recently?

>
> The only thing that comes to mind is that there is something stale in your
> IPTables rules in memory.  Will you please do an iptables-save and show us
> the output?
>

# iptables-save
# Generated by iptables-save v1.3.8 on Wed Oct  8 17:48:35 2008
*raw
:PREROUTING ACCEPT [12:1335]
:OUTPUT ACCEPT [8:672]
COMMIT
# Completed on Wed Oct  8 17:48:35 2008
# Generated by iptables-save v1.3.8 on Wed Oct  8 17:48:35 2008
*nat
:PREROUTING ACCEPT [3:427]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [3:252]
-A POSTROUTING -j LOG --log-prefix "msk:"
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
# Completed on Wed Oct  8 17:48:35 2008
# Generated by iptables-save v1.3.8 on Wed Oct  8 17:48:35 2008
*mangle
:PREROUTING ACCEPT [12:1335]
:INPUT ACCEPT [11:1251]
:FORWARD ACCEPT [1:84]
:OUTPUT ACCEPT [8:672]
:POSTROUTING ACCEPT [9:756]
COMMIT
# Completed on Wed Oct  8 17:48:35 2008
# Generated by iptables-save v1.3.8 on Wed Oct  8 17:48:35 2008
*filter
:INPUT ACCEPT [11:1251]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [8:672]
-A INPUT -j LOG --log-prefix "in:"
-A FORWARD -j LOG --log-prefix "fwd:"
-A FORWARD -i ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -j ACCEPT
-A OUTPUT -j LOG --log-prefix "out:"
COMMIT
# Completed on Wed Oct  8 17:48:35 2008
#
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux