Fun with the mangle table + LARTC

Gavin Hamill gdh at acentral.co.uk
Mon Aug 1 17:41:19 CEST 2005


On Monday 01 August 2005 14:01, /dev/rob0 wrote:
> Gavin Hamill wrote:
> > Hi - this is one of those "not sure if it's netfilter or LARTC" issues,
>
> I'm not sure either, but here's a guess.
>
> > -A POSTROUTING -s 10.0.0.0/255.255.255.0 -o eth1 -j MASQUERADE
> > -A POSTROUTING -s 10.0.0.0/255.255.255.0 -o eth2 -j MASQUERADE
>
> Why MASQUERADE? Try using SNAT rules.

MASQ because the IP addresses on each interface are DHCP - home ISPs - not 
business ones :)

> > using tcpdump I can see the outgoing and reply packets on eth2 with the
> > correct source address (i.e. the one the ISP on eth2 gives me) set, but
> > tcpdump on eth0 shows only the packets from the MASQ'd host - the replies
> > from the Internet host are not passed through.
>
> Is there anything dropping the packets in FORWARD? Try tracking with
> iptables LOG rules rather than tcpdump.

OK, I'll give that a whirl :)

Cheers,
Gavin.


