[Bug 72] ICMPs sent by REJECT are not getting SNAT'd

bugzilla-daemon at bugzilla.netfilter.org
Thu Sep 9 15:15:37 CEST 2004


https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=72


gandalf at netfilter.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |INVALID




------- Additional Comments From gandalf at netfilter.org  2004-09-09 15:15 CEST -------
Your problem is that only packets with state NEW are traversing the nat table.
ICMP errors aren't state NEW; they are state RELATED, so they will never traverse
the nat table. But their IP addresses will be changed according to the
NAT-mapping of the connection they are related to.

In order to get the ICMP errors translated you need to DNAT all incoming
connections that are made to 200.1.1.1 so they are changed to 10.1.1.1:

iptables -t nat -A PREROUTING -d 200.1.1.1 -j DNAT --to 10.1.1.1

That way the ICMP errors that are sent from 10.1.1.1 will be translated correctly.



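The behaviour described in the comment above, as an added illustration that is not netfilter code and not part of the original mail: a small model in which only NEW packets consult the nat rules and an ICMP error is rewritten from the mapping of the connection it relates to. The `Gateway` and `reject_roundtrip` names and the client address 198.51.100.7 are constructed for the example; 200.1.1.1 and 10.1.1.1 are the addresses from the bug.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    embedded: Optional["Packet"] = None  # ICMP errors carry the offending header


class Gateway:
    """Simplified conntrack plus nat PREROUTING; a model, not netfilter code."""

    def __init__(self, dnat_rules):
        self.dnat_rules = dnat_rules  # {original dst: DNAT target}
        self.original = {}            # (src, original dst) -> translated dst
        self.reply = {}               # (src, translated dst) -> original dst
        self.nat_traversals = []      # state of every packet that reached the nat table

    def forward(self, pkt):
        """Return (conntrack state, packet as it leaves the gateway)."""
        if pkt.embedded is not None:
            inner = pkt.embedded
            orig_dst = self.reply.get((inner.src, inner.dst))
            if orig_dst is None:
                return "INVALID", pkt
            # RELATED: nat rules are not consulted; the mapping of the tracked
            # connection is reversed on the embedded header and the outer source.
            src = orig_dst if pkt.src == inner.dst else pkt.src
            return "RELATED", Packet(src, pkt.dst, Packet(inner.src, orig_dst))
        if (pkt.src, pkt.dst) in self.original:
            return "ESTABLISHED", Packet(pkt.src, self.original[(pkt.src, pkt.dst)])
        # NEW: the only state whose packets traverse the nat table.
        self.nat_traversals.append("NEW")
        new_dst = self.dnat_rules.get(pkt.dst, pkt.dst)
        self.original[(pkt.src, pkt.dst)] = new_dst
        self.reply[(pkt.src, new_dst)] = pkt.dst
        return "NEW", Packet(pkt.src, new_dst)


def reject_roundtrip(dnat_rules, client, dst, server):
    """Client opens a connection to dst; server answers with an ICMP error."""
    gw = Gateway(dnat_rules)
    _, delivered = gw.forward(Packet(client, dst))
    state, out = gw.forward(Packet(server, client, embedded=delivered))
    return state, out.src, gw.nat_traversals
```

With the DNAT rule in place the ICMP error leaves with source 200.1.1.1; with no mapping on the connection it leaves as 10.1.1.1, and in both cases only the NEW packet reached the nat table.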