Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: iptables: User

SNAT w/ uid-owner issue

 

 

iptables user RSS feed   Index | Next | Previous | View Threaded


david at davidcoulson

Aug 1, 2007, 7:51 AM

Post #1 of 1 (653 views)
Permalink
SNAT w/ uid-owner issue

I have a pretty simple NAT rule going on here:

iptables -t nat -A POSTROUTING -d ! 10.0.0.0/8 -s 207.166.219.93 -p !
esp -m owner --uid-owner dante -j SNAT --to 207.166.203.150

Not rocket science - danted is running on 10.1.1.2, I'm connecting from
10.6.1.40 over IPSec - Hence why I 1) tell it to ignore ESP (which says
it comes from 219.93, plus it's still using 'dante' as the uid) 2) I'm
telling it to ignore everything going to 10.0.0.0/8.

With this rule in place, I see this in my conntrack table:

tcp 6 267 ESTABLISHED src=10.1.1.2 dst=10.6.1.40 sport=1080
dport=2097 [UNREPLIED] src=10.6.1.40 dst=207.166.203.150 sport=2097
dport=1080 mark=0 use=1

Clearly wrong - There are no other rules related to my 150 address in my
tables. Indeed, if I take out the SNAT rule, it will work fine. Now, if
I change the SNAT to a 'LOG' entry, it only logs the rule hits that are
correct, and not these ones that are wrong. I'm running a 2.6.15.1
kernel, which I realized is older than the hills, but other than this it
has been working happily.

Any ideas? I may try upgrading to 2.6.22.1 shortly, but I don't even
know if that will fix it.

iptables user RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.