DNAT/SNAT doubt

Olivier GRALL olivier.grall at neotip.com
Wed Dec 7 10:13:26 CET 2005


Hi,

Aren't you forgetting to allow ip_forward on your Linux box?

echo 1 > /proc/sys/net/ipv4/ip_forward
or in /etc/sysctl.conf

Regards,

Olivier GRALL

Sandro Dentella wrote:

>Hi all,
>
>  a nameserver managed by one of my customers died unexpectedly, they asked
>  me to redirect all traffic to another DNS in a totally different
>  network. Should it work? (it didn't in my case...)
>
>Chain PREROUTING (policy ACCEPT 656 packets, 33024 bytes)
> pkts bytes target     prot opt in     out     source               destination
> 1410 93104 DNAT       udp  --  *      *       0.0.0.0/0            0.0.0.0/0          udp dpt:53 to:XXX
>
>Chain POSTROUTING (policy ACCEPT 628 packets, 31631 bytes)
> pkts bytes target     prot opt in     out     source               destination
>    0     0 SNAT       udp  --  *      *       0.0.0.0/0            XXX    udp dpt:53 to:YYY
>
>  you can see that no packets entered the POSTROUTING chain even though in
>  my opinion all packets that entered the PREROUTING rule should enter the
>  POSTROUTING one. Am I wrong?
>
>  TYA
>  sandro
>  *:-)
>
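
Added example, not part of the original thread: a small shell check for the symptom discussed above, where the PREROUTING DNAT rule counts packets while the POSTROUTING SNAT rule stays at zero. The function names chain_pkts and diagnose are hypothetical, and the embedded listing is the one from the question with its XXX/YYY placeholders kept.

```shell
#!/bin/sh
# chain_pkts CHAIN TARGET
# Reads `iptables -t nat -L -n -v -x` output on stdin and prints the summed
# packet counter of the rules in CHAIN whose target is TARGET.
# (-x gives exact counters; abbreviated ones such as "12K" are skipped here.)
chain_pkts() {
    awk -v chain="$1" -v target="$2" '
        $1 == "Chain" { in_chain = ($2 == chain); next }
        in_chain && $3 == target && $1 ~ /^[0-9]+$/ { sum += $1 }
        END { print sum + 0 }'
}

# diagnose LISTING IP_FORWARD
# LISTING is the nat table listing, IP_FORWARD the content of
# /proc/sys/net/ipv4/ip_forward. Prints one verdict word.
diagnose() {
    dnat=$(printf '%s\n' "$1" | chain_pkts PREROUTING DNAT)
    snat=$(printf '%s\n' "$1" | chain_pkts POSTROUTING SNAT)
    if [ "$dnat" -gt 0 ] && [ "$snat" -eq 0 ] && [ "$2" != "1" ]; then
        # Packets were rewritten but the box refuses to route them onward.
        echo "forwarding-disabled"
    elif [ "$dnat" -gt 0 ] && [ "$snat" -eq 0 ]; then
        # Forwarding is on, so look at the filter FORWARD chain and the route.
        echo "check-filter-FORWARD-and-routing"
    else
        echo "ok"
    fi
}

# Sample input: the listing quoted in the question (XXX/YYY as posted).
SAMPLE='Chain PREROUTING (policy ACCEPT 656 packets, 33024 bytes)
 pkts bytes target     prot opt in     out     source               destination
 1410 93104 DNAT       udp  --  *      *       0.0.0.0/0            0.0.0.0/0          udp dpt:53 to:XXX

Chain POSTROUTING (policy ACCEPT 628 packets, 31631 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 SNAT       udp  --  *      *       0.0.0.0/0            XXX    udp dpt:53 to:YYY'

# Offline run against the sample, with ip_forward assumed to be 0.
diagnose "$SAMPLE" 0
# On a live box (as root):
# diagnose "$(iptables -t nat -L -n -v -x)" "$(cat /proc/sys/net/ipv4/ip_forward)"
```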




More information about the netfilter mailing list