Is there any reason for a packet to just disappear when it gets DNATed? (other than rp_filter, which is disabled)

Background: I have a typical libvirt setup, where VMs share a private network, and the host masquerades them onto the internet. In addition, the host is forwarding port 25 to a VM using DNAT.

The Problem: I log into the VM and try to connect to port 25 on the host's public IP.

    $ ncat u32.net 25

On the VM, that command just times out. It works from the internet and on the host (thanks Noel).

Logging demonstrates that the VM sends the packet to the host just fine. Then, after the host DNATs it, it just disappears. I would expect it to get routed back to the VM.

More Details:

The VM creates the packet: src=192.168.122.10:23456 dst=173.233.67.174:25

* it arrives on the host's raw:PREROUTING
* it moves to mangle:PREROUTING
* it then goes to nat:PREROUTING
* Rule 5 DNATs the destination to 192.168.122.10

And that's it! Nothing more happens, the packet is gone.

Here's my research with tables and traces: https://gist.github.com/bronson/c857a462edb0c6eeab2d

Can anyone tell me what to look at here? I'm stumped.

- Scott