DNAT again
Harald Scharf
h.scharf@softpoint.at
Fri, 27 Jul 2001 11:37:55 +0200
Yesterday I made a post to this list about strange DNAT problems.
Because no answer came, I took a sniffer and tracked the IP flow
through our network and found something interesting.
The problem was:
DNAT worked fine from the Internet (external), but if a request came from
the internal network, the translation failed.
If the IP request came from the Internet (external), then DNAT worked
perfectly all the time -->
tcpdump on the NAT Server :
timestamp . SOURCE IP.PORT -> NAT_SERVER.IP.PORT
tcpdump on the Web Server :
timestamp. SOURCE.IP.PORT -> WWW.SERVER.IP.PORT
but...
if the request came from my private network, the tcpdump was like:
timestamp. CLIENT.IP.PORT -> NAT_SERVER_PORT.
I tried to put the DNAT rule in the OUTPUT NAT chain, but the packet never
passed this one (it's for local routing purposes only, I think).
And when I had a look at the packet counter of the PREROUTING chain, the
packet definitely passed the PREROUTING DNAT rule,
but the packet could never come back, because of the wrong dest. IP address.
So I took the rinetd package from Boutell and look: perfect port forwarding
without any problems (internal and external).
Any ideas?
Harald Scharf
Intel Certified Integration Specialist Networking
Softpoint electronic
Netzwerksysteme / Firewalls
Bricks Core Development
mailto:h.scharf@softpoint.at
www.bricks.at
www.softpoint.at
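
The symptom described in the message above, modelled as an added example that is not part of the original post: a small Python simulation of one connection through a PREROUTING DNAT rule, with and without an extra source translation for LAN clients. It assumes the internal clients and the web server share one LAN segment, which the post does not state; all addresses and the `simulate` function are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed addresses (RFC 1918 / RFC 5737); assumed topology, not from the post.
LAN = ip_network("192.168.1.0/24")   # segment shared by clients and web server
NAT_PUBLIC = "203.0.113.1"           # address the DNAT rule matches
NAT_LAN = "192.168.1.1"              # NAT box's own LAN address
WEB = "192.168.1.10"                 # DNAT target (real web server)


def simulate(client, snat_lan_clients=False):
    """Follow one request and its reply; return (client_accepts_reply, trace)."""
    trace = []
    src, dst = client, NAT_PUBLIC
    trace.append(f"client sends       {src} -> {dst}")

    # PREROUTING: DNAT rewrites the destination, conntrack records the mapping.
    dst = WEB
    # POSTROUTING (optional): also rewrite the source for LAN-originated traffic.
    if snat_lan_clients and ip_address(client) in LAN:
        src = NAT_LAN
    trace.append(f"web server sees    {src} -> {dst}")

    # The web server answers whatever source address it saw.
    r_src, r_dst = dst, src
    if r_dst == client and ip_address(client) in LAN:
        # Same segment: the reply is delivered directly and never crosses
        # the NAT box, so the reverse translation is never applied.
        trace.append(f"reply bypasses NAT {r_src} -> {r_dst}")
    else:
        # Reply crosses the NAT box; conntrack undoes the translation(s).
        r_src, r_dst = NAT_PUBLIC, client
        trace.append(f"reply via NAT      {r_src} -> {r_dst}")

    # The client only accepts a reply from the address it connected to.
    ok = (r_src, r_dst) == (NAT_PUBLIC, client)
    return ok, trace


if __name__ == "__main__":
    cases = [("external", "198.51.100.7", False),
             ("internal", "192.168.1.50", False),
             ("internal + SNAT", "192.168.1.50", True)]
    for label, client, snat in cases:
        ok, trace = simulate(client, snat)
        print(f"[{label}] {'OK' if ok else 'FAILS'}")
        for line in trace:
            print("   ", line)
```

A userspace forwarder such as rinetd behaves like the SNAT case, because the proxy opens its own connection to the web server and the replies therefore return to the forwarding host.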