Sorry for disturbung you, but I am not aware about a specialized forum/ml for
iproute2. I try to use iproute2''s dumb nat, I tried with kernels
2.4.27, .32 and 2.6.8.
While DNAT is working fine, I am not able to do any SNAT:
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:04:e2:10:88:5f brd ff:ff:ff:ff:ff:ff
inet 10.10.20.10/24 brd 10.135.28.255 scope global eth0
inet6 fe80::204:e2ff:fe10:885f/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:04:e2:10:80:d2 brd ff:ff:ff:ff:ff:ff
inet 192.168.3.1/24 scope global eth1
I defined a ip rule:
lb-test-11:/usr/src/packages# ip rul sh
0: from all lookup local
32764: from 192.168.3.2 lookup main map-to 10.10.20.11
32766: from all lookup main
32767: from all lookup default
Packets comming in here (from 192.168.3.2):
# tcpdump -i eth1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
16:53:07.472210 IP 192.168.3.2 > 10.10.20.80: icmp 64: echo request seq 1366
16:53:08.471939 IP 192.168.3.2 > 10.10.20.80: icmp 64: echo request seq 1367
16:53:09.471768 IP 192.168.3.2 > 10.10.20.80: icmp 64: echo request seq 1368
and go out here (They are _from_ 192.168.3.2 , so policy 32764 should match)
# tcpdump -n -i eth0 icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
16:54:45.454799 IP 192.168.3.2 > 10.10.20.80: icmp 64: echo request seq 1464
16:54:46.454559 IP 192.168.3.2 > 10.10.20.80: icmp 64: echo request seq 1465
16:54:47.454396 IP 192.168.3.2 > 10.10.20.80: icmp 64: echo request seq 1466
Source NAT is not takeing place. And no, I dont have any iptables rules in
PREROUTING.
Am I too dumb for or do I miss the point? Is there a way to log what policies
are "hit" by packets?
Best Regards,
Andreas
