Hello,
I'm trying to get masquerading/SNAT to work on a Ubiquity AirOS device
(kernel 2.6.15). All chains are empty, policy ACCEPT, just one rule:
Chain POSTROUTING (policy ACCEPT 3 packets, 200 bytes)
pkts bytes target prot opt in out source
destination
4 288 SNAT all -- any eth1 192.168.23.0/24
anywhere to:10.213.5.9
When I ping an internet host from the internal network, one reply arrives,
then it gets stuck. No more packets appear on eth1.
Same with TCP; after trying to open a connection (ACK reply arrives,
followed by silence) I find an entry in ip_conntrack:
tcp 6 49 SYN_RECV src=192.168.23.2 dst=88.198.17.205 sport=3955
dport=22 src=88.198.17.205 dst=10.213.5.9 sport=22 dport=3955 use=2
What's missing? Any insight appreciated!
Kind regards,
--
Steffen Beyer <steffen@xxxxxxxx>
GnuPG key fingerprint: CA00 1611 242B 89D4 E643 E235 05F3 7689 DD3E EB26
Public key available upon request or at http://wwwkeys.de.pgp.net
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
