On Thu, 2012-10-11 at 12:41 +0300, Denys Fedoryshchenko wrote:
> Hi all
>
> I have NAT box, with very simple rule
> iptables -t nat -I POSTROUTING -s 10.0.0.0/8 -j MASQUERADE
> It can be SNAT also, and it works fine, as NAT.
>
> When I generate icmp _reply_ packet, to some host
> hping -I ppp0 -1 --icmptype 0 8.8.8.8
>
> It will pass the box, and will exit it without NAT, e.g. with original
> IP 10.x.x.x
> on outgoing interface, which is not expected behavior IMHO.
> Is it a bug or feature?
>

It depends, -s 10.0.0.0/8 won't match the rule if the source address
should be 198.23.44.55 I guess?

I would try the more obvious

iptables -t nat -I POSTROUTING -o device -j MASQUERADE