RE: DNAT working for one host but not another

Hi Brian,

Did you try using the REDIRECT target instead?

Best,
Jesus

-----Original Message-----
From: netfilter-owner@xxxxxxxxxxxxxxx [mailto:netfilter-owner@xxxxxxxxxxxxxxx] On Behalf Of Brian J. Murrell
Sent: 04 December 2016 21:07
To: netfilter@xxxxxxxxxxxxxxx
Subject: Re: DNAT working for one host but not another

On Sun, 2016-12-04 at 14:01 -0500, Brian J. Murrell wrote:
> I have a DNAT rule on a host whose purpose is to redirect traffic that 
> is destined for port 23768 to port 5060 on that host:

I should add, that what is going back to the 10.75.23.212 host is also
wrong:

14:04:53.723018 IP 10.75.23.212.6060 > 10.75.22.8.23768: UDP, length 0
14:04:53.877539 IP 10.75.22.8.5060 > 10.75.23.212.6060: SIP, length: 555
14:04:53.910351 IP 10.75.23.212.6060 > 10.75.22.8.23768: UDP, length 472
14:04:53.912158 IP 10.75.22.8.5060 > 10.75.23.212.6060: SIP, length: 555

As you can see, what is being returned is not having its port un-natted back to 23768.  But that is perhaps unsurprising given that the connection never gets to ASSURED.

Cheers,
b.



