iptables/SNAT not working
From: Steffen Koepf (Taxman-usenet_at_opaya.de)
Date: 01/31/05
Date: Mon, 31 Jan 2005 18:48:16 +0100 (CET)
Hello,
I try to get SNAT working, but with no success.
The setup is:
Network A (eth1): 10.11.112.0/24 (Routed worldwide)
Network B (eth2): 192.168.21.0/24 (Private)
There is a laptop within Network B (192.168.21.52) that should
reach the world (www, telnet, ...).
I did on the Linux router:
/sbin/ip addr add 10.11.112.106 brd + dev eth1 label eth1:2
/usr/sbin/iptables -t nat -A POSTROUTING -s 192.168.21.52 -o eth1 -j SNAT --to 10.11.112.106
Used kernel is 2.6.10.
There is no other rule in iptables.
/proc/sys/net/ipv4/ip_forward contains a "1".
What happens is that packets from the laptop are routed out to the world
but keep the source address (and because of this, the answer never reaches the
router); the iptables rule never matches:
root@tkserv:/home/sk# iptables -L -n -x -v -t nat
Chain PREROUTING (policy ACCEPT 202 packets, 13260 bytes)
    pkts      bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 61 packets, 7239 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       0        0 SNAT       all  --  *      eth1    192.168.21.52        0.0.0.0/0           to:10.11.112.106

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
root@tkserv:/home/sk#
Does someone know what's wrong and can help me?
Greetings,
Steffen
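
An added example, not part of the original post: a small awk filter that reads `iptables -L -n -x -v` output such as the listing above and reports every rule whose packet counter is still 0, next to the policy counter of its chain. The function names are assumptions, and the sample listing is the one from the post with whitespace normalised.

```shell
#!/bin/sh
# Added example: find rules in an `iptables -L -n -x -v` listing that never matched.

# Listing taken from the post above (whitespace normalised).
sample_listing() {
cat <<'EOF'
Chain PREROUTING (policy ACCEPT 202 packets, 13260 bytes)
    pkts      bytes target     prot opt in     out     source               destination
Chain POSTROUTING (policy ACCEPT 61 packets, 7239 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       0        0 SNAT       all  --  *      eth1    192.168.21.52        0.0.0.0/0           to:10.11.112.106
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
EOF
}

# Reads a listing on stdin and prints one line per rule with a zero packet counter:
#   <chain> <target> in=<if> out=<if> src=<addr> dst=<addr> policy_pkts=<n> [rule options]
# policy_pkts is the chain policy counter, i.e. packets that matched no rule in the chain.
zero_hit_rules() {
    awk '
        $1 == "Chain" {
            chain = $2
            policy_pkts = "n/a"          # user-defined chains carry no policy counter
            for (i = 3; i < NF; i++)
                if ($(i + 1) == "packets,") policy_pkts = $i
            next
        }
        $1 == "pkts" || NF < 9 { next }  # column header or blank line
        $1 !~ /^[0-9]+$/       { next }  # needs exact counters (-x), not 12K style
        $1 == 0 {
            extra = ""
            for (i = 10; i <= NF; i++) extra = extra " " $i
            printf "%s %s in=%s out=%s src=%s dst=%s policy_pkts=%s%s\n",
                   chain, $3, $6, $7, $8, $9, policy_pkts, extra
        }
    '
}

sample_listing | zero_hit_rules
```

On a live router the same filter can read `iptables -L -n -x -v -t nat` directly instead of the embedded sample.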