On 07/21/2013 02:21 PM, Al Grant wrote:
> Hi All,
>
> Doing a little experimenting with iptables and more specifically SNAT. I have two computers, a Ubuntu box and a Win7 box with a switch between them.
>
> On the Ubuntu box (192.168.15.200) I have added:
>
> iptables -t nat -A POSTROUTING -o eth4 -j SNAT --to-source 192.168.15.201
>
> Now I run wireshark on the Win7 machine and various bits of broadcast traffic which was coming from .200 now shows as from .201 - great!
>
> So I tried a ping from the Win7 machine and would expect a reply to show in wireshark, but that the src address be changed to .201 - but nope I get a reply from .200. How is this so?
>
> Conversely a ping from the Ubuntu machine to the win7 machine shows the packets with a src of .201 in wireshark - as expected.

I think this is due to the fact that the 'nat' table will be consulted only for new connections. Unlike the ping request, the ping *reply* may not be considered as part of a new connection.

Regards,
Vignesh
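
The behaviour discussed in this thread, as an added example that is not part of the original messages: a simplified Python model of connection tracking in which the nat table is consulted only for the first packet of a flow and later packets reuse the stored mapping. The `Host` class, the ICMP ids and the Win7 address `192.168.15.10` are assumptions made for the illustration; the other addresses come from the rule quoted above.

```python
# Simplified model of netfilter conntrack plus one POSTROUTING SNAT rule.
SNAT_TO = "192.168.15.201"   # --to-source value from the rule in the thread
UBUNTU = "192.168.15.200"    # Ubuntu box address from the thread
WIN7 = "192.168.15.10"       # constructed: the thread does not give this address


class Host:
    """Models the Ubuntu box (hypothetical helper, not a real API)."""

    def __init__(self):
        self.conntrack = {}    # (src, dst, id) on entry -> (src, dst) after NAT
        self.nat_lookups = 0   # how many times the nat table was consulted

    def _track(self, src, dst, icmp_id, leaving):
        key = (src, dst, icmp_id)
        if key in self.conntrack:        # known flow: nat table is skipped
            return self.conntrack[key]
        self.nat_lookups += 1            # NEW flow: the only nat table lookup
        # The SNAT rule sits in POSTROUTING, so it only sees packets leaving.
        new_src = SNAT_TO if leaving else src
        self.conntrack[key] = (new_src, dst)                    # original direction
        self.conntrack[(dst, new_src, icmp_id)] = (dst, src)    # reply direction
        return new_src, dst

    def send(self, src, dst, icmp_id):
        """Locally generated packet leaving via eth4 (OUTPUT, POSTROUTING)."""
        return self._track(src, dst, icmp_id, leaving=True)

    def receive(self, src, dst, icmp_id):
        """Packet arriving for local delivery (PREROUTING, INPUT)."""
        return self._track(src, dst, icmp_id, leaving=False)


def ping_from_win7():
    """Win7 pings .200: returns (source of echo reply on the wire, nat lookups)."""
    host = Host()
    host.receive(WIN7, UBUNTU, icmp_id=1)        # request is NEW, never hits POSTROUTING
    src, _ = host.send(UBUNTU, WIN7, icmp_id=1)  # reply matches the existing entry
    return src, host.nat_lookups


def ping_from_ubuntu():
    """Ubuntu pings Win7: returns (wire source, restored reply dst, nat lookups)."""
    host = Host()
    src, _ = host.send(UBUNTU, WIN7, icmp_id=2)       # request is NEW, SNAT applies
    _, dst = host.receive(WIN7, SNAT_TO, icmp_id=2)   # reply is mapped back to .200
    return src, dst, host.nat_lookups


if __name__ == "__main__":
    print(ping_from_win7(), ping_from_ubuntu())
```
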