Problem in setting NAT using IP tables for kernel 2.4.x

Rahul Hirve rahulhirve at
Sun Apr 3 07:41:47 CEST 2005

Hi all,
	I am using uClinux to test NAT on the IXDP425. The setup I use is as shown below:

with subnet <-------------[ixp0: (IXDP425) ixp1:]----------->PC with
                          Default Gateway

Now here the IXDP425 is acting as a router with ip_forward = 1
ixp0(eth1) with IP is acting as WAN port connecting to LAN
of subnet and

ixp1(eth0) is acting as LAN port connecting to PC of IP
with default gateway as

I have inserted all modules required for filter and nat applications viz.

insmod ip_tables.o
insmod ip_conntrack.o
insmod iptable_filter.o
insmod iptable_nat.o
insmod ipt_LOG.o
insmod ipt_limit.o
insmod ipt_state.o
insmod ipt_MASQUERADE.o
insmod ip_conntrack_ftp.o
insmod ip_conntrack_irc.o
insmod ip_nat_ftp.o
insmod ip_nat_irc.o
insmod iptable_mangle.o

Now the script I have done for NAT is:


#Flush any rules that may still be configured
iptables -t filter -F INPUT
iptables -t filter -F OUTPUT
iptables -t filter -F FORWARD
iptables -t nat -F PREROUTING
iptables -t nat -F POSTROUTING
iptables -t nat -F OUTPUT

# Set the default policies for the chains
iptables -t filter -P INPUT DROP
iptables -t filter -P OUTPUT ACCEPT
iptables -t filter -P FORWARD DROP
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
iptables -t nat -P OUTPUT ACCEPT

# Set up the firewall rules
iptables -t filter -A INPUT -i ${LOOPBACK} -j ACCEPT
iptables -t filter -A INPUT -i ${LAN} -j ACCEPT
iptables -t filter -A INPUT -i ${WAN} -j ACCEPT

# Set up the ip forwarding
echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -t filter -A FORWARD -i ${LAN} -o ${WAN} -j ACCEPT
iptables -t filter -A FORWARD -i ${WAN} -o ${LAN} -j ACCEPT

iptables -t nat -A POSTROUTING -s -o ${LAN} -j SNAT --to

Now I am pinging the 10.0.10.x/23 machine from machine but it
is not doing it. Why?
I have captured the packets using ethereal at 10.0.10.x/23 (the
machine to which I am pinging)
and the result is: the IP of is the same in the packet, but
according to me it should change to

Can anyone help me to solve this problem?
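
Added example, not part of the original post: the SNAT rule above matches on `-o ${LAN}`, but POSTROUTING sees the egress interface, which for traffic from the PC towards the WAN subnet is the WAN port. The sketch below emits a rule set with SNAT on WAN egress and stateful return traffic instead of a blanket WAN-to-LAN ACCEPT. It assumes `${WAN}` is eth1 and `${LAN}` is eth0 as in the post; the addresses, the `nat_rules` and `snat_egress_is` helpers, and the dry-run `IPT` variable are constructed for illustration.

```shell
#!/bin/sh
# Added example: emit NAT rules for a two-interface router (dry run by default).
# All addresses are constructed placeholders (documentation ranges), not the poster's.
WAN_IF="${WAN_IF:-eth1}"              # ixp0 in the post (WAN side)
LAN_IF="${LAN_IF:-eth0}"              # ixp1 in the post (LAN side)
LAN_NET="${LAN_NET:-192.0.2.0/24}"    # placeholder LAN subnet
WAN_IP="${WAN_IP:-198.51.100.1}"      # placeholder address of the WAN port
IPT="${IPT:-echo iptables}"           # set IPT=iptables (as root) to apply for real

nat_rules() {
    # Start from a clean, default-deny FORWARD chain.
    $IPT -t filter -F FORWARD
    $IPT -t nat -F POSTROUTING
    $IPT -t filter -P FORWARD DROP

    # LAN hosts may open connections towards the WAN side.
    $IPT -t filter -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -j ACCEPT

    # Only replies to tracked connections are let back in (needs ipt_state).
    $IPT -t filter -A FORWARD -i "$WAN_IF" -o "$LAN_IF" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Rewrite the source address as packets leave on the WAN interface.
    $IPT -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN_IF" \
        -j SNAT --to-source "$WAN_IP"
}

# Returns 0 if the generated SNAT rule matches packets leaving on interface $1.
snat_egress_is() {
    nat_rules | grep -- '-j SNAT' | grep -q -- "-o $1 "
}

# Print the rule set so it can be reviewed before applying.
nat_rules
```

After applying, the packet counters shown by `iptables -t nat -L POSTROUTING -v -n` indicate whether the SNAT rule is being hit.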

