Destination NAT question

skaya@enix.org
Mon, 10 Dec 2001 13:57:14 +0100 (CET)


> Hmm, interesting. I've tried what you say, and a tcpdump now shows traffic on
> the internal address with the correct source and destination addresses,
> however I'm not making a successful connection...

could you please indicate what you see on the tcpdump, and indicate
the IP configuration of the NAT box and the internal box, with their
routing tables (if you changed them from the default)?

normally, you should have something like:
(say 10.0.0.0 is internal, and 1.2.3.0 is external...)
(on NAT box, say eth0 is internal, eth1 is external)

internal host : eth0 = 10.0.0.123, default route = 10.0.0.1
NAT box : eth0 = 10.0.0.1, eth1 = 1.2.3.1, default route = upstream router

when pinging the internal host from the NAT box (using the public address),
the packet goes through the nat OUTPUT chain, and is DNATed, thus
1.2.3.1 => 1.2.3.123 becomes 1.2.3.1 => 10.0.0.123
when the answer comes back, 10.0.0.123 => 1.2.3.1 should
be "de-NATed" by connection tracking.

if that still does not work, check that there are no intervening rules
(I think that anyway, "de-NATing" bypasses normal rules...)
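The translation described in the reply above, as an added simulation that is not part of the original mailing-list post: a locally generated packet leaves the NAT box through the nat OUTPUT chain, a DNAT rule rewrites its destination, and connection tracking (not the rule list) reverses the mapping on the reply. It also models the routing check the reply asks for: if the internal host's default route does not point at the NAT box's internal address, the reply never makes it back and nothing is there to de-NAT. The addresses are the ones used in the post; the one DNAT rule (1.2.3.123 to 10.0.0.123) and the classes below are assumptions for illustration, not a real conntrack implementation.

```python
"""Toy model of DNAT in the nat OUTPUT chain plus conntrack reverse mapping.

Addressing from the post: internal host 10.0.0.123 (default route 10.0.0.1),
NAT box eth0 = 10.0.0.1, eth1 = 1.2.3.1.  The single rule modelled here is an
assumption made for this example:
    iptables -t nat -A OUTPUT -d 1.2.3.123 -j DNAT --to-destination 10.0.0.123
"""
from dataclasses import dataclass, replace as dc_replace
from typing import Dict, List, Optional, Tuple

Tuple3 = Tuple[str, str, str]  # (src, dst, proto)


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str = "icmp"


@dataclass(frozen=True)
class DnatRule:
    """nat OUTPUT rule: match on destination address, rewrite destination."""
    match_dst: str
    to_dst: str


class NatBox:
    def __init__(self, rules: List[DnatRule]) -> None:
        self.rules = rules
        # conntrack entries keyed by the reply tuple we expect from the real
        # host, mapping to the (src, dst) the local stack must see instead.
        self.conntrack: Dict[Tuple3, Tuple3] = {}

    def output(self, pkt: Packet) -> Packet:
        """Locally generated packet traversing the nat OUTPUT chain."""
        for rule in self.rules:
            if rule.match_dst == pkt.dst:
                translated = dc_replace(pkt, dst=rule.to_dst)
                # reply will come from 10.0.0.123 to 1.2.3.1 ...
                reply_key = (translated.dst, translated.src, pkt.proto)
                # ... and must be presented as 1.2.3.123 to 1.2.3.1
                self.conntrack[reply_key] = (pkt.dst, pkt.src, pkt.proto)
                return translated
        return pkt  # no rule matched: packet leaves untouched

    def input(self, pkt: Packet) -> Packet:
        """Packet arriving at the NAT box; only conntrack is consulted."""
        key = (pkt.src, pkt.dst, pkt.proto)
        if key in self.conntrack:
            src, dst, _ = self.conntrack[key]
            return dc_replace(pkt, src=src, dst=dst)
        return pkt  # unknown flow: no de-NAT happens


class InternalHost:
    """Host on 10.0.0.0/24 that answers pings via its default route."""

    def __init__(self, addr: str, default_route: str) -> None:
        self.addr = addr
        self.default_route = default_route

    def reply(self, pkt: Packet, nat_box_internal: str) -> Optional[Packet]:
        if pkt.dst != self.addr:
            return None  # not for us (DNAT did not happen)
        # 1.2.3.1 is off-subnet, so the echo reply goes to the default route;
        # it only reaches the NAT box if that route is the NAT box itself.
        if self.default_route != nat_box_internal:
            return None  # reply is sent elsewhere and lost
        return Packet(src=self.addr, dst=pkt.src, proto=pkt.proto)


def trace_ping(internal_gateway: str = "10.0.0.1"):
    """Return (packet as sent out, reply as seen by the NAT box's stack)."""
    box = NatBox([DnatRule("1.2.3.123", "10.0.0.123")])
    host = InternalHost("10.0.0.123", default_route=internal_gateway)
    out = box.output(Packet("1.2.3.1", "1.2.3.123"))
    reply = host.reply(out, nat_box_internal="10.0.0.1")
    if reply is None:
        return out, None
    return out, box.input(reply)


if __name__ == "__main__":
    sent, back = trace_ping()
    print(f"sent   {sent.src} => {sent.dst}")           # 1.2.3.1 => 10.0.0.123
    print(f"reply  {back.src} => {back.dst}")           # 1.2.3.123 => 1.2.3.1
    _, lost = trace_ping(internal_gateway="10.0.0.254")
    print("reply with wrong default route:", lost)       # None
```

The second call in the usage shows the symptom from the quoted message: tcpdump on the internal interface shows correctly translated outgoing packets, but no connection is established because the reply never returns to the NAT box to be de-NATed.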