Re: iptables + local server via udp + conntracking + 2 uplinks = wrong source address for replies

On Sun, 2012-07-01 at 16:35 +0300, Valts Silaputnins wrote:
<snip>
> However the source address was still wrong. Ok so I tried to fix that by
> adding SNAT to POSTROUTING chain. Only to realize that for some reason
> those packets don't hit it (checked by -j TRACE...).

What are your rules for this? As long as the packets are actually
hitting that chain then I don't see why they wouldn't be sent to the
SNAT target.

> So I started googling for reasons for this problem, however results seem
> to contradict each other, some say it (well for tcp I suppose) works
> fine, some say SNAT for OUTPUT doesn't work at all.

I don't see why it should be a problem, but you have to use SNAT in the
POSTROUTING chain not OUTPUT. From the man page:

 SNAT   This target is only valid in the nat table, in the POSTROUTING chain.

Andy

