Hello,

I am doing my research in IPv6 transition technologies. Right now I am building a test-bed with Debian-based virtual machines, for testing purposes. There is this topology called 464XLAT, of IPv6-IPv4 transition. On VM-3, I am implementing iptables with (-j masquerading) argument. Packets leaving from eth2 (of VM-3) have to have the new src address (198.51.100.1) on their way out toward VM-4.

    | VM-1 |eth1 | VM-2 | | VM-3 | eth2 eth1 | VM-4 |

    VM-1 eth1 : 10.0.0.2
    VM-3 eth2 : 198.51.100.1
    VM-4 eth1 : 198.51.100.2

I am flooding (VM-4) with SYN packets using the hping3 command (from VM-1 toward VM-4).

    hping3 -S -p 80 198.51.100.2 --flood

The iptables rule is implemented on (VM-3).

    iptables -t nat -A POSTROUTING -o eth2 -j MASQUERADE

VM-3 is actually using TAYGA software (IPv6-IPv4 translator). The masquerading isn't working for some packets and the source IP isn't changing. The below tshark results (for some packets) show the original source IP address (10.0.0.2) coming out of VM3-eth2.

    root@PLAT:~# tshark -i eth2 -T fields -e ip.src -e tcp.srcport -e ip.dst -e tcp.dstport -e ip.proto
    Capturing on 'eth2'
    198.51.100.1 5000 198.51.100.2 80 6
    198.51.100.2 80 198.51.100.1 5000 6
    10.0.0.2 5000 198.51.100.2 80 6
    10.0.0.2 5000 198.51.100.2 80 6

To sum up, the rule is working for most of the packets and doesn't for others. Is this a familiar thing? Or am I missing something here?

Any feedback would be really appreciated.

Kind Regards
Ameen
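Added example, not part of the original post: a small Python checker that reads the same five-column tshark output and counts, per flow, the packets that left eth2 without source translation. The /24 prefix length on eth2 and the function names are assumptions; the addresses and sample lines are the ones quoted in the post.

```python
import ipaddress
from collections import Counter

# Addresses from the post; the /24 prefix length is an assumption.
MASQ_ADDR = ipaddress.ip_address("198.51.100.1")    # VM-3 eth2
LINK_NET = ipaddress.ip_network("198.51.100.0/24")  # assumed eth2 subnet

# The four tshark lines quoted in the post:
# ip.src, tcp.srcport, ip.dst, tcp.dstport, ip.proto
SAMPLE = """\
198.51.100.1 5000 198.51.100.2 80 6
198.51.100.2 80 198.51.100.1 5000 6
10.0.0.2 5000 198.51.100.2 80 6
10.0.0.2 5000 198.51.100.2 80 6
"""

def classify(line):
    """Return (verdict, flow) for one tshark -T fields line, or None if unparsable."""
    parts = line.split()  # handles tab- or space-separated fields
    if len(parts) != 5:
        return None
    try:
        src, dst = ipaddress.ip_address(parts[0]), ipaddress.ip_address(parts[2])
        sport, dport, proto = int(parts[1]), int(parts[3]), int(parts[4])
    except ValueError:
        return None
    flow = (str(src), sport, str(dst), dport, proto)
    if src == MASQ_ADDR:
        return ("translated", flow)   # MASQUERADE rewrote the source
    if src in LINK_NET:
        return ("inbound", flow)      # on-link neighbour, e.g. replies from VM-4
    return ("leaked", flow)           # off-link source seen on eth2 without SNAT

def summarize(text):
    """Count verdicts and tally leaked packets per flow."""
    verdicts, leaks = Counter(), Counter()
    for line in text.splitlines():
        result = classify(line)
        if result is None:
            verdicts["skipped"] += 1  # banner lines, blank lines, non-TCP rows
            continue
        verdict, flow = result
        verdicts[verdict] += 1
        if verdict == "leaked":
            leaks[flow] += 1
    return verdicts, leaks

if __name__ == "__main__":
    verdicts, leaks = summarize(SAMPLE)
    print(dict(verdicts))
    for flow, count in leaks.most_common():
        print(count, flow)
```

Run against a longer capture, the per-flow leak counts show whether the untranslated packets belong to a few repeated 5-tuples or are spread across the whole flood.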