Re: Packet disappears after DNAT?

On Tue, Dec 15, 2015 at 11:45 AM, Pascal Hambourg
<pascal@xxxxxxxxxxxxxxx> wrote:
> Scott Bronson wrote:
>> iptables -t nat -I POSTROUTING -s 192.168.122.10 -d 192.168.122.10 -p tcp -j MASQUERADE
>
> Why restrict the MASQUERADE to TCP and UDP?

Good question.  Editing mistake.  I'm actually forwarding different
ports to different guests depending on port number:

iptables -t nat -A POSTROUTING -s 192.168.122.10/32 -d 192.168.122.10/32 -p udp --dport 53 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.122.10/32 -d 192.168.122.10/32 -p tcp --dport 53 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.122.12/32 -d 192.168.122.12/32 -p tcp --dport 25 -j MASQUERADE


FWIW, here's the script as it stands today:
    https://github.com/bronson/libvirt-hook-qemu/tree/hostfix
    https://github.com/bronson/libvirt-hook-qemu/blob/hostfix/qemu
And an example of the rules it inserts:
    https://github.com/bronson/libvirt-hook-qemu/blob/hostfix/test_qemu.py#L58-L73

It seems a little overcomplex but it's working great.  Huge thanks to everyone.

    - Scott
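
Added example, not part of the original message or of the libvirt-hook-qemu project: a check over `iptables-save` style output that reports every DNAT target with no matching same-source/same-destination MASQUERADE rule of the kind shown above. The ruleset, the DNAT rule form, the address 203.0.113.5 and the function names are constructed assumptions.

```python
import shlex

# Constructed sample in iptables-save format (not from the thread).
# 203.0.113.5 is a placeholder host address; the .12 guest has no MASQUERADE rule.
SAMPLE = """\
*nat
-A PREROUTING -d 203.0.113.5/32 -p udp -m udp --dport 53 -j DNAT --to-destination 192.168.122.10:53
-A PREROUTING -d 203.0.113.5/32 -p tcp -m tcp --dport 53 -j DNAT --to-destination 192.168.122.10:53
-A PREROUTING -d 203.0.113.5/32 -p tcp -m tcp --dport 25 -j DNAT --to-destination 192.168.122.12:25
-A POSTROUTING -s 192.168.122.10/32 -d 192.168.122.10/32 -p udp -m udp --dport 53 -j MASQUERADE
-A POSTROUTING -s 192.168.122.10/32 -d 192.168.122.10/32 -p tcp -m tcp --dport 53 -j MASQUERADE
COMMIT
"""

def _opts(line):
    """Map each option of one rule line to its value (None for bare flags)."""
    tokens = shlex.split(line)
    opts = {}
    for i, tok in enumerate(tokens):
        if tok.startswith("-"):
            nxt = tokens[i + 1] if i + 1 < len(tokens) else None
            opts[tok] = None if nxt is None or nxt.startswith("-") else nxt
    return opts

def _host(addr):
    """Strip a /32 suffix so 192.168.122.10/32 and 192.168.122.10 compare equal."""
    return addr[:-3] if addr and addr.endswith("/32") else addr

def missing_hairpin(ruleset):
    """Return sorted (guest_ip, proto, port) DNAT targets lacking a self-MASQUERADE rule."""
    forwards, covered = set(), set()
    for line in ruleset.splitlines():
        if not line.startswith("-A ") or " ! " in line:
            continue  # skip table headers, COMMIT, and negated matches
        o = _opts(line)
        if o.get("-j") == "DNAT" and ":" in (o.get("--to-destination") or ""):
            ip, port = o["--to-destination"].rsplit(":", 1)
            forwards.add((ip, o.get("-p"), port))
        elif (o.get("-A") == "POSTROUTING" and o.get("-j") == "MASQUERADE"
              and o.get("-s") and _host(o["-s"]) == _host(o.get("-d"))):
            # Rule matches traffic whose source and destination are the same guest.
            covered.add((_host(o["-s"]), o.get("-p"), o.get("--dport")))
    return sorted(forwards - covered)

if __name__ == "__main__":
    for ip, proto, port in missing_hairpin(SAMPLE):
        print(f"no self-MASQUERADE rule for {ip} {proto}/{port}")
```
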