Question regarding packet src/dst rewriting
Samuel Jean
sj-netfilter@cookinglinux.org
Sat Aug 21 16:10:35 CEST 2004
On Fri, August 20, 2004 12:32 pm, Russell Handorf said:
> The weird behavior I am having is that whenever a packet from the
> Internet comes in interface eth0, and gets forwarded to a server on
> eth1, the server which resides on the eth1 side of the network sees the
> source IP as coming from the router and not the real host on the
> Internet. Vice versa applies as well (a node behind eth1 sends a packet
> out to, say, google.com. Google.com sees the data as coming from the
> router, and not the node which is behind eth1).
>
My assumption is that you are using a MASQUERADE rule regardless of the
outgoing device.
> I don't understand why the packet headers are being re-written. I also
> don't understand if this is a specific problem with iptables, or the
> linux kernel itself.
>
> eth2 and eth3 are masquerading, but eth1 is not.
>
Okay, so you are using 2 MASQUERADE rules with specific outgoing device?
Please post your ruleset. PREROUTING and POSTROUTING chains should be enough.
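
An added example, not part of the original post or of netfilter's own code: a small Python check for the situation suspected above, a MASQUERADE rule in POSTROUTING with no outgoing-device match. The ruleset is constructed (the thread never shows the real one) and the function names are hypothetical.

```python
import shlex

# Constructed iptables-save output; the thread never shows the poster's real ruleset.
SAMPLE = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -j MASQUERADE
-A POSTROUTING -o eth2 -j MASQUERADE
-A POSTROUTING -o eth3 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -i eth0 -o eth1 -j ACCEPT
COMMIT
"""

def opt_value(tokens, names):
    """Value following the first of `names`, prefixed with '!' if negated."""
    for i, tok in enumerate(tokens[:-1]):
        if tok in names:
            negated = i > 0 and tokens[i - 1] == "!"
            return ("!" if negated else "") + tokens[i + 1]
    return None

def masquerade_rules(save_text):
    """List (out_interface_or_None, rule) for nat/POSTROUTING MASQUERADE rules."""
    table, found = None, []
    for raw in save_text.splitlines():
        line = raw.strip()
        if line.startswith("*"):          # table header, e.g. *nat
            table = line[1:]
        elif line == "COMMIT":            # end of the current table
            table = None
        elif table == "nat" and line.startswith("-A"):
            tokens = shlex.split(line)
            if tokens[1:2] != ["POSTROUTING"]:
                continue
            if opt_value(tokens, ("-j", "--jump")) != "MASQUERADE":
                continue
            found.append((opt_value(tokens, ("-o", "--out-interface")), line))
    return found

def unscoped(save_text):
    """Rules that masquerade traffic leaving any device, eth1 included."""
    return [rule for dev, rule in masquerade_rules(save_text) if dev is None]

if __name__ == "__main__":
    for rule in unscoped(SAMPLE):
        print("no -o match:", rule)
```

Feeding it the output of `iptables-save` from the router shows at a glance whether any MASQUERADE rule applies regardless of the outgoing device.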