
Mailing List Archive: iptables: User

SNAT w/ uid-owner issue


david at davidcoulson

Aug 1, 2007, 7:51 AM

Post #1 of 1 (913 views)

I have a pretty simple NAT rule going on here:

iptables -t nat -A POSTROUTING -d ! -s -p ! esp -m owner --uid-owner dante -j SNAT --to

Not rocket science - danted is running on, I'm connecting from over IPSec, hence why I 1) tell it to ignore ESP (which says
it comes from 219.93, plus it's still using 'dante' as the uid) and 2) tell it to ignore everything going to

With this rule in place, I see this in my conntrack table:

tcp 6 267 ESTABLISHED src= dst= sport=1080 dport=2097 [UNREPLIED] src= dst= sport=2097 dport=1080 mark=0 use=1

Clearly wrong - there are no other rules related to my 150 address in my
tables. Indeed, if I take out the SNAT rule, it works fine. Now, if
I change the SNAT to a 'LOG' entry, it only logs the rule hits that are
correct, and not these ones that are wrong. I'm running a
kernel, which I realize is older than the hills, but other than this it
has been working happily.

Any ideas? I may try upgrading to shortly, but I don't even
know if that will fix it.
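The rule and the conntrack entry above, as an added example that is not part of the original post. The addresses in it are assumed stand-ins for the ones missing from the post (10.0.0.5 for the host running danted, 192.0.2.50 for the IPsec peer excluded with -d, 203.0.113.7 for the SNAT target), and the two conntrack lines are constructed, not captured from a real box. The rule is written in current iptables syntax (negation before the option, --to-source spelled out); the rest parses /proc/net/ip_conntrack lines to check whether a flow from the local host actually had its source rewritten to the SNAT address, and flags entries still marked [UNREPLIED]. Note that -m owner only ever matches locally generated packets, so the rule cannot touch forwarded traffic; whatever it rewrites was originated by uid dante on this host.

```shell
#!/bin/sh
# Added example, not code from the original post.  Addresses are ASSUMED
# stand-ins for the ones missing from the post:
#   10.0.0.5     host running danted (the rule's -s / conntrack original src)
#   192.0.2.50   the IPsec peer the rule must leave alone (! -d)
#   203.0.113.7  the SNAT --to-source address
HOST=10.0.0.5
PEER=192.0.2.50
SNAT_TO=203.0.113.7

# The post's rule in current iptables syntax: negation goes before the
# option ("! -d", "! -p"); the post's "-d !" / "-p !" is the older form.
snat_rule() {
    printf 'iptables -t nat -A POSTROUTING ! -d %s -s %s ! -p esp -m owner --uid-owner dante -j SNAT --to-source %s\n' \
        "$PEER" "$HOST" "$SNAT_TO"
}

# Field extraction from one /proc/net/ip_conntrack line.  The first src=/dst=
# pair is the original tuple, the second is the reply tuple; SNAT shows up as
# the reply tuple's dst being the --to-source address instead of the original src.
ct_field() {   # ct_field KEY NTH LINE  -> prints the NTH value of KEY=
    printf '%s\n' "$3" | awk -v key="$1=" -v nth="$2" '
        { n = 0
          for (i = 1; i <= NF; i++)
              if (index($i, key) == 1 && ++n == nth) { print substr($i, length(key) + 1); exit } }'
}

# Returns 0 if the entry is a flow from $HOST whose source was rewritten to $SNAT_TO.
ct_snat_ok() {
    [ "$(ct_field src 1 "$1")" = "$HOST" ] && [ "$(ct_field dst 2 "$1")" = "$SNAT_TO" ]
}

# Returns 0 if the entry is still waiting for its first reply packet,
# the symptom in the post (a rewritten flow that nothing answers).
ct_unreplied() {
    case $1 in *"[UNREPLIED]"*) return 0 ;; *) return 1 ;; esac
}

# Constructed sample entries in ip_conntrack format (not from a real box).
GOOD="tcp 6 431999 ESTABLISHED src=10.0.0.5 dst=198.51.100.9 sport=40001 dport=443 src=198.51.100.9 dst=203.0.113.7 sport=443 dport=40001 [ASSURED] mark=0 use=1"
BAD="tcp 6 267 ESTABLISHED src=10.0.0.5 dst=192.0.2.50 sport=1080 dport=2097 [UNREPLIED] src=192.0.2.50 dst=10.0.0.150 sport=2097 dport=1080 mark=0 use=1"

snat_rule
for entry in "$GOOD" "$BAD"; do
    if ct_snat_ok "$entry"; then status="snat-ok"; else status="NOT-snatted-to-$SNAT_TO"; fi
    if ct_unreplied "$entry"; then status="$status,unreplied"; fi
    echo "$status: $entry"
done
```

To use it against a live table, feed each line of /proc/net/ip_conntrack (or `conntrack -L -o extended` output, which uses the same src=/dst= fields) to ct_snat_ok and ct_unreplied instead of the constructed samples; an entry that is both "NOT-snatted" to the expected address and [UNREPLIED] is the kind the post describes.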
