thr3ads.net - netfilter buglog - [Bug 72] ICMPs sent by REJECT are not getting SNAT'd [Sep 2004]

If this information is useful, please help other people find it:
Share via:

bugzilla-daemon@bugzilla.netfilter.org

2004-Sep-09 15:15 UTC

[Bug 72] ICMPs sent by REJECT are not getting SNAT'd

https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=72


gandalf@netfilter.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |INVALID




------- Additional Comments From gandalf@netfilter.org  2004-09-09 15:15 CEST
-------
Your problem is that only packets with state NEW are traversing the nat table.
ICMP errors aren't state NEW, they are state RELATED so they will never
traverse
the nat table. But their ipaddresses will be changed according to the
NAT-mapping of the connection they are related to.

In order to get the ICMP errors translated you need to DNAT all incoming
connections that are made to 200.1.1.1 so they are changed to 10.1.1.1

iptables -t nat -A PREROUTING -d 200.1.1.1 -j DNAT --to 10.1.1.1

That way the ICMP errors that are sent from 10.1.1.1 will be translated
correctly.



-- 
Configure bugmail:
https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

Possibly Parallel Threads

Search for more reasonably related threads

netfilter buglog - Sep 2004 - [Bug 72] ICMPs sent by REJECT are not getting SNAT'd

[Bug 72] ICMPs sent by REJECT are not getting SNAT'd

Possibly Parallel Threads

Wisdom of the Ancients