Hello.
Have you enabled the ip forward?

2015-12-04 12:43 GMT+03:00 Scott Bronson <bronson@xxxxxxxxxxx>:
> Is there any reason for a packet to just disappear when it gets
> DNATed? (other than rp_filter, which is disabled)
>
>
> Background:
>
> I have a typical libvirt setup, where VMs share a private network,
> and the host masquerades them onto the internet.
>
> In addition, the host is forwarding port 25 to a VM using DNAT.
>
>
> The Problem:
>
> I log into the VM and try to connect to port 25 on the host's public
> IP.
>
>     $ ncat u32.net 25
>
> On the VM, that command just times out. It works from the internet
> and on the host (thanks Noel).
>
> Logging demonstrates that the VM sends the packet to the host just fine.
> Then, after the host DNATs it, it just disappears. I would expect it to
> get routed back to the VM.
>
>
> More Details:
>
> The VM creates the packet: src=192.168.122.10:23456 dst=173.233.67.174:25
>
> * it arrives on the host's raw:PREROUTING
> * it moves to mangle:PREROUTING
> * it then goes to nat:PREROUTING
> * Rule 5 DNATs the destination to 192.168.122.10
>
> And that's it! Nothing more happens, the packet is gone.
>
>
> Here's my research with tables and traces:
> https://gist.github.com/bronson/c857a462edb0c6eeab2d
>
> Can anyone tell me what to look at here? I'm stumped.
>
> - Scott
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html

--
Anton.
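
The two kernel settings raised in this thread, IP forwarding and rp_filter, can be read per receiving interface. The script below is an added example, not part of either message; the function names and the `virbr0` interface name are assumptions. It reads both the `all` and the per-interface `rp_filter` values because the kernel applies the larger of the two.

```shell
#!/bin/sh
# Added example, not from the thread. Reports IP forwarding and rp_filter
# for the interface a packet arrives on. ROOT is normally /proc/sys; a
# constructed directory can be passed instead so the check runs offline.

# knob FILE: print the setting's value, or "missing" if it cannot be read.
knob() {
    if [ -r "$1" ]; then tr -d '[:space:]' < "$1"; else printf missing; fi
}

# forwarding_state ROOT IFACE: prints "on", "off" or "unknown".
# Received packets are forwarded according to the receiving interface's
# conf/IFACE/forwarding; writing net.ipv4.ip_forward sets it on every
# interface.
forwarding_state() {
    case $(knob "$1/net/ipv4/conf/$2/forwarding") in
        1) echo on ;;
        0) echo off ;;
        *) echo unknown ;;
    esac
}

# effective_rp_filter ROOT IFACE: prints the value the kernel applies,
# the larger of conf/all/rp_filter and conf/IFACE/rp_filter.
effective_rp_filter() {
    all=$(knob "$1/net/ipv4/conf/all/rp_filter")
    per=$(knob "$1/net/ipv4/conf/$2/rp_filter")
    for v in "$all" "$per"; do
        case $v in [0-2]) ;; *) echo unknown; return ;; esac
    done
    if [ "$all" -gt "$per" ]; then echo "$all"; else echo "$per"; fi
}

# check_iface ROOT IFACE: print a one-line summary; exit status is 0 only
# when forwarding is on and reverse-path filtering is effectively off.
check_iface() {
    fwd=$(forwarding_state "$1" "$2")
    rpf=$(effective_rp_filter "$1" "$2")
    echo "$2: ip_forward=$(knob "$1/net/ipv4/ip_forward")" \
         "forwarding=$fwd effective_rp_filter=$rpf"
    [ "$fwd" = on ] && [ "$rpf" = 0 ]
}

# Usage on a live host (virbr0 is an assumed interface name):
#   check_iface /proc/sys virbr0
```

A per-interface `rp_filter` of 0 is not enough if `conf/all/rp_filter` is still 1 or 2, which is the case the summary line makes visible.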