Fun with the mangle table + LARTC

/dev/rob0 rob0 at gmx.co.uk
Mon Aug 1 15:01:38 CEST 2005


Gavin Hamill wrote:
> Hi - this is one of those "not sure if it's netfilter or LARTC" issues,

I'm not sure either, but here's a guess.

> -A POSTROUTING -s 10.0.0.0/255.255.255.0 -o eth1 -j MASQUERADE
> -A POSTROUTING -s 10.0.0.0/255.255.255.0 -o eth2 -j MASQUERADE

Why MASQUERADE? Try using SNAT rules.

> using tcpdump I can see the outgoing and reply packets on eth2 with the 
> correct source address (i.e. the one the ISP on eth2 gives me) set, but 
> tcpdump on eth0 shows only the packets from the MASQ'd host - the replies 
> from the Internet host are not passed through.

Is there anything dropping the packets in FORWARD? Try tracking with 
iptables LOG rules rather than tcpdump.
-- 
     mail to this address is discarded unless "/dev/rob0"
     or "not-spam" is in Subject: header
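
The two suggestions in this reply (SNAT in place of MASQUERADE, and LOG rules to find where the replies stop) written out as an iptables-restore fragment. This is an added example, not part of the original message: the `--to-source` addresses are constructed placeholders, the log prefixes are made up, and eth0 is assumed to be the LAN side as in the quoted tcpdump description.

```iptables
# Added example; load with: iptables-restore --noflush < this-file
# 192.0.2.10 and 198.51.100.10 are constructed placeholders for the
# addresses the ISPs assign on eth1 and eth2. Log prefixes are made up.

*nat
# Replace the two MASQUERADE rules quoted above with fixed-address SNAT.
-D POSTROUTING -s 10.0.0.0/255.255.255.0 -o eth1 -j MASQUERADE
-D POSTROUTING -s 10.0.0.0/255.255.255.0 -o eth2 -j MASQUERADE
-A POSTROUTING -s 10.0.0.0/255.255.255.0 -o eth1 -j SNAT --to-source 192.0.2.10
-A POSTROUTING -s 10.0.0.0/255.255.255.0 -o eth2 -j SNAT --to-source 198.51.100.10
COMMIT

*mangle
# Replies as they arrive on eth2, before conntrack reverses the SNAT:
# DST= is still the public address here.
-I PREROUTING 1 -i eth2 -m limit --limit 5/second -j LOG --log-prefix "eth2-pre: "
# Same packets after the routing decision: DST= should now be 10.0.0.x.
-I FORWARD 1 -i eth2 -m limit --limit 5/second -j LOG --log-prefix "eth2-fwd: "
# Last hook before the packet leaves on the LAN side.
-I POSTROUTING 1 -o eth0 -m limit --limit 5/second -j LOG --log-prefix "eth0-post: "
COMMIT

*filter
# First rule in FORWARD, so it logs before any later rule can drop the reply.
-I FORWARD 1 -i eth2 -o eth0 -m limit --limit 5/second -j LOG --log-prefix "eth2-fwd-filter: "
COMMIT
```

A reply logged as `eth2-pre` but never as `eth2-fwd` was lost or diverted before forwarding; one logged as `eth2-fwd-filter` but not `eth0-post` was dropped by a later FORWARD rule. The `limit` match keeps the LOG rules from flooding the kernel log while they are in place.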


