Changing source/destination address for local packets

Patrick McHardy kaber at trash.net
Mon Jun 25 18:09:05 CEST 2007


Tomas Mandys wrote:
> Hi,
> I am playing in my RTPPROXY module (finally almost ready) with changing source 
> and destination addresses. It works, but there is a problem when the address 
> of locally generated packets is changed to another local address.
> 
> 
> IP: 192.168.1.1
> UDP packet:  192.168.1.1:10000  -->  192.168.1.1:50000
> OUTPUT hook changes destination address (like DNAT) resp. dest port only: 
> 50000 --> 20000
> POSTROUTING changes source port (like SNAT): 10000 --> 60000
> Now PREROUTING is called, but conntrack (ip_conntrack_get) is related to 
> session 192.168.1.1:10000  -->  192.168.1.1:50000 
> (ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.ip/udp.port) instead of the
> address from (*pskb)->nh.iph->daddr (192.168.1.1:60000), pudph->dest 
> (192.168.1.1:20000).


You need to change the conntrack tuples as well if you mangle
a packet in case you're not using the standard NAT functions
for this (which you probably should). If you change the destination
address to a local one you additionally need to perform rerouting
(you *should* do that whenever you change the destination in OUTPUT,
but for this case it really is necessary).
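
The tuple bookkeeping described in the reply above, as an added example that is not part of the original thread and is not kernel code: a simplified userspace model of one conntrack entry using the addresses and ports from the question. It assumes that only the reply tuple is rewritten, to the inverse of the packet as it leaves the box; the struct and function names are hypothetical, and rerouting is not modelled.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

enum { DIR_ORIGINAL, DIR_REPLY, DIR_MAX, NO_MATCH = -1 };
struct tuple { uint32_t src_ip, dst_ip; uint16_t src_port, dst_port; };
struct conn  { struct tuple tuplehash[DIR_MAX]; };
#define LOCAL_IP 0xC0A80101u /* 192.168.1.1, the address from the post */

static bool tuple_equal(const struct tuple *a, const struct tuple *b)
{
    return a->src_ip == b->src_ip && a->dst_ip == b->dst_ip &&
           a->src_port == b->src_port && a->dst_port == b->dst_port;
}

/* The reply direction is the same flow with source and destination swapped. */
static struct tuple invert(struct tuple t)
{
    struct tuple r = { t.dst_ip, t.src_ip, t.dst_port, t.src_port };
    return r;
}

/* Which direction of the entry does pkt belong to, if any? */
static int conn_match(const struct conn *ct, const struct tuple *pkt)
{
    for (int dir = 0; dir < DIR_MAX; dir++)
        if (tuple_equal(&ct->tuplehash[dir], pkt))
            return dir;
    return NO_MATCH;
}

/* Rewrite the ports as in the post, then look up the receiver's answer to the
 * packet that left. update_tuples: adjust the entry along with the packet. */
static int reply_lookup(bool update_tuples)
{
    struct tuple pkt = { LOCAL_IP, LOCAL_IP, 10000, 50000 };
    struct conn ct;
    ct.tuplehash[DIR_ORIGINAL] = pkt;          /* stays as first seen */
    ct.tuplehash[DIR_REPLY] = invert(pkt);
    pkt.dst_port = 20000;                      /* OUTPUT hook: 50000 -> 20000 */
    if (update_tuples) ct.tuplehash[DIR_REPLY] = invert(pkt);
    pkt.src_port = 60000;                      /* POSTROUTING: 10000 -> 60000 */
    if (update_tuples) ct.tuplehash[DIR_REPLY] = invert(pkt);
    struct tuple answer = invert(pkt);         /* 20000 -> 60000 */
    return conn_match(&ct, &answer);
}

int main(void) {
    printf("updated=%d stale=%d\n", reply_lookup(true), reply_lookup(false));
    return 0;
}
```

With the entry left untouched, the answer matches neither direction, so the model would treat it as belonging to no known connection.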


