How to get static NAT working with iptables?
Matthew G. Marsh
mgm@paktronix.com
Fri, 17 Nov 2000 15:17:58 -0600 (CST)
On Sat, 18 Nov 2000, James Morris wrote:
> On Fri, 17 Nov 2000, Herr Andre Kuester wrote:
>
> > Hi folks, maybe you can help me...
> >
> > I have no idea whether real static 1:1 NAT works with iptables...
[snip]
> You may want to look at 'fast' NAT, which is implemented in the advanced
> routing code in the kernel and provides static mapping. Note that it does
> not have connection tracking, protocol helpers or any other bells and
> whistles. You'll need the iproute2 package and documentation to make use
> of it.
Speaking of this - if ip_conntrack is loaded then you can no longer do
FastNAT. The packets leave with the NAT address but the replies are
dropped. :-{
Still trying to figure that out - a clean 2.4.pre10, NF CVS 110200,
iproute2 Oct 2K.
As soon as I rmmod ip_conntrack everything goes back to normal. Even tried
setting every table (mangle, nat, filter) and hook to ACCEPT 0/0 0/0.
> - James
> --
> James Morris
> <jmorris@intercode.com.au>
--------------------------------------------------
Matthew G. Marsh, President
Paktronix Systems LLC
1506 North 59th Street
Omaha NE 68104
Phone: (402) 932-7250
Email: mgm@paktronix.com
WWW: http://www.paktronix.com
--------------------------------------------------