Some nat configuration problem with iptables.
- From: "ChaoZhang" <chaozh@xxxxxxxxxx>
- Date: 26 Nov 2006 01:20:56 -0800
I configured iptables to support NAT. The configuration is like this:
iptables -t nat -A PREROUTING -d 47.154.129.34 -p udp -m udp --dport 20002 -j DNAT --to-destination 172.16.2.145:5000
iptables -t nat -A POSTROUTING -s 47.152.0.0/255.255.0.0 -d 172.16.2.145 -p udp -m udp --dport 5000 -j SNAT --to-source 10.200.6.20
I also set ip_forward to true in sysctl.conf.
The questions are:
1. In Fedora Core 5, I set ip_forward to true in sysctl.conf and the NAT
configuration works well. But in Fedora Core 6, I did the same and
found it doesn't work. After I used 'echo 1 >
/proc/sys/net/ipv4/ip_forward', it began to work. Why? Is there a
difference between them?
2. With my NAT configuration, I mainly want to NAT UDP packets. I have
a terminal which connects to equipment through my Linux server.
The NAT works well, and the equipment sends UDP packets like a
heartbeat to the terminal every 2 mins. But I found my Linux server won't
transfer the heartbeat to the terminal. I guess iptables won't keep
this ip-to-port map relationship too long. It will clear up some
'unused' maps. If so, how can I configure it? I tried to change
'net.ipv4.netfilter.ip_conntrack_udp_timeout_stream' and
'net.ipv4.netfilter.ip_conntrack_udp_timeout', but it was no use. Someone
told me that iptables has a bug with VOIP. Is this true?
Many thanks.
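Added example, not part of the original post: a shell script for two checks the questions above point to. The first compares the value in sysctl.conf with what the running kernel holds (the file is only applied when it is loaded, at boot or by sysctl -p, while writing to /proc changes the kernel directly); the second tests whether a conntrack UDP timeout is longer than the 2-minute gap between heartbeats. The function names and the sample tree with its values are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post; function names are hypothetical.

# conf_value KEY FILE: value FILE would set for KEY. Comment lines are skipped,
# "a/b" and "a.b" key spellings are treated alike, the last assignment wins.
conf_value() {
    awk -v key="$1" '
        /^[ \t]*[#;]/ { next }
        { eq = index($0, "="); if (eq == 0) next
          k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
          gsub(/[ \t]/, "", k); gsub(/\//, ".", k)
          gsub(/^[ \t]+|[ \t]+$/, "", v)
          if (k == key) val = v }
        END { print val }' "$2"
}

# live_value KEY [ROOT]: value the running kernel holds (ROOT defaults to /proc/sys).
live_value() {
    f="${2:-/proc/sys}/$(printf '%s' "$1" | tr . /)"
    if [ -r "$f" ]; then cat "$f"; fi
}

# drift KEY FILE [ROOT]: "match", "drift" (file and kernel disagree, for example
# the file was edited but never loaded), or "unset" (KEY is not in FILE).
drift() {
    want=$(conf_value "$1" "$2"); have=$(live_value "$1" "$3")
    if [ -z "$want" ]; then echo unset
    elif [ "$want" = "$have" ]; then echo match
    else echo drift; fi
}

# outlives KEY SECONDS [ROOT]: "yes" if the live timeout in KEY is longer than an
# idle gap of SECONDS between packets, so the entry is still there; else "no".
outlives() {
    t=$(live_value "$1" "$3")
    if [ -n "$t" ] && [ "$t" -gt "$2" ]; then echo yes; else echo no; fi
}

# Constructed sample: a stand-in /proc/sys tree and sysctl.conf in a temp dir.
demo=$(mktemp -d)
mkdir -p "$demo/proc/net/ipv4/netfilter"
echo 0   > "$demo/proc/net/ipv4/ip_forward"
echo 30  > "$demo/proc/net/ipv4/netfilter/ip_conntrack_udp_timeout"
echo 180 > "$demo/proc/net/ipv4/netfilter/ip_conntrack_udp_timeout_stream"
printf '# constructed\nnet.ipv4.ip_forward = 1\n' > "$demo/sysctl.conf"

drift net.ipv4.ip_forward "$demo/sysctl.conf" "$demo/proc"                    # drift
outlives net.ipv4.netfilter.ip_conntrack_udp_timeout 120 "$demo/proc"         # no
outlives net.ipv4.netfilter.ip_conntrack_udp_timeout_stream 120 "$demo/proc"  # yes
```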