DNAT translate source address problem

Post by giorgi.tsula.. » Thu, 06 Dec 2007 21:42:14



Hello all,
I have Fedora Core 6 installed.
I am doing DNAT (port mapping).
Here is a rule:
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 25 -j DNAT --to 192.168.0.233:25
It's doing DNAT, but on the mail server side I cannot get the source IP address.
Can somebody explain to me why I have such a problem?

Post by Pascal Hambour » Thu, 06 Dec 2007 23:41:05


Hello,


> I am doing dnat (port mapping)
> Here is a rule
> iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 25 -j DNAT --to 192.168.0.233:25

Note that ":25" is optional as the destination port is unchanged.

> It's doing dnat but in mail server side i can not get source ip
> address.

What do you mean exactly?

1. Trying to DNAT to Broadcast-Address

Hi all,

I'm just trying to enable DNAT to forward packets arriving at one
special port to the broadcast-address of our LAN:
(forwarding is enabled)

iptables -t nat -A PREROUTING -i eth1 -p udp --dport 2107 -j DNAT \
--to-destination 192.168.0.255:2107

eth1 is the ethernet-device connecting to the 192.168.1.x net. So
anything arriving at port 2107 should be forwarded to the LAN's
broadcast address.

Anything wrong about that?
I'm using RedHat 7.2, Kernel 2.4.9-21, iptables iptables-1.2.4-2

I tested this before using
iptables -t nat -A PREROUTING -i eth1 -p udp --dport 2107 -j DNAT \
--to-destination 192.168.0.151:2107

Surprisingly this still works, though the forwarding to the broadcast
does NOT work - packets are still forwarded to ip 192.168.0.151.

After re-starting my firewall nothing changes... I also restarted
iptables. I have NOT restarted the whole network on this machine since
it is used as production environment at the moment.

Could there be a bug in the DNAT-implementation? Or is it simply not
possible to DNAT packets to the broadcast address?

Any clues?
I really would be glad about some help...

Thanks,
Kai
