Hello,

Michael Schwartzkopff wrote:
>
> For some special reasons I want to alter the IP address of outgoing packets
> that are generated locally to a secondary IP address on my machine. For a test
> I use the udp/echo service. Without any rules a tcpdump looks like this:
>
> 192.168.56.101 is the primary address of the echo server and 192.168.56.16 is
> the secondary address of the interface.
>
> 08:24:04.063987 IP 192.168.56.1.48462 > 192.168.56.16.echo: UDP, length 6
> 08:24:04.064522 IP 192.168.56.101.echo > 192.168.56.1.48462: UDP, length 6
>
> So I add the iptables rule:
>
> iptables -t nat -I POSTROUTING -p udp -s 192.168.56.101 --sport 7 \
>   -j SNAT --to-source 192.168.56.16
>
> Now tcpdump shows that no answer packet is sent out any more:
>
> 08:24:16.851095 IP 192.168.56.1.55362 > 192.168.56.16.echo: UDP, length 6
>
> With iptables -t nat -L POSTROUTING I can see that the rule is hit since the
> counter increases. Also an iptables TRACE shows me that the rule is hit. No
> filter appears in the TRACE log.
>
> Any ideas where the packet vanished?

Clash with an existing connection entry (the one created by the incoming packet) -> source port changed or packet dropped.

What was the full tcpdump command used? Any filters?
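The clash described in the reply can be reproduced with a small model of connection-tracking tuples. This is an added example, not code from the thread or from the kernel: the class and function names are hypothetical, the port classes are a model of the default used when the rule names no port, and the first-free port search is a simplification of the kernel's selection.

```python
from typing import NamedTuple, Optional, Tuple

class FlowTuple(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int

    def inverted(self) -> "FlowTuple":
        return FlowTuple(self.dst, self.dport, self.src, self.sport)

def default_ports(sport: int) -> Tuple[int, int]:
    # Port classes searched when the rule names no port (assumed model of the default).
    if sport < 512:
        return (1, 511)
    if sport < 1024:
        return (600, 1023)
    return (1024, 65535)

class Conntrack:
    def __init__(self) -> None:
        self.in_use = set()  # every tuple claimed by a tracked flow, both directions

    def track(self, original: FlowTuple, reply: FlowTuple) -> None:
        self.in_use.update((original, reply))

    def snat(self, pkt, to_source, ports=None) -> Optional[FlowTuple]:
        """Return the packet's tuple after SNAT, or None if it has to be dropped."""
        lo, hi = ports or default_ports(pkt.sport)
        # Without an explicit port range the original source port is tried first.
        candidates = [pkt.sport] if ports is None else []
        candidates += range(lo, hi + 1)
        for sport in candidates:
            mapped = FlowTuple(to_source, sport, pkt.dst, pkt.dport)
            if mapped.inverted() not in self.in_use:  # reply tuple must be unique
                self.track(pkt, mapped.inverted())
                return mapped
        return None

def demo(ports=None):
    ct = Conntrack()
    # Incoming request from the first capture creates the existing entry.
    request = FlowTuple("192.168.56.1", 48462, "192.168.56.16", 7)
    ct.track(request, request.inverted())
    # The echo answer leaves from the primary address, so it is a new flow.
    answer = FlowTuple("192.168.56.101", 7, "192.168.56.1", 48462)
    return ct.snat(answer, "192.168.56.16", ports)

if __name__ == "__main__":
    print("no port in rule :", demo())
    print("port pinned to 7:", demo(ports=(7, 7)))
```

In the first case the answer leaves with a source port other than 7, so a capture filtered on the echo port would not show it; in the second case no free tuple exists and the packet is dropped.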