
pascal.mail at plouf
Aug 27, 2007, 7:41 AM
Post #2 of 2
Hello,

Manish Jain wrote:
>
> I am using some internal IPs (169.254.x.x) on my box and then performing
> SNAT and DNAT from/to this IP to/from actual public IP.

Note: you should consider using an address range other than 169.254.0.0/16, which is reserved for non-routable link-local communications (see RFC 3330). You could use a private address range in 10.0.0.0/8, 172.16.0.0/12 or 192.168.0.0/16 (see RFC 1918) instead.

> It has been observed that sometimes SNAT does not work and internal IP
> exposed to outside world.
>
> Please share your experiences. Whether it has to do with connection
> tracking in some way or other?

Probably. NAT does not work on packets in the INVALID or NOTRACK state.
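A check for the symptom discussed in this thread, added here as an example and not part of either post: it scans `tcpdump -n` text taken on the external interface and reports packets that left with a link-local or RFC 1918 source address, meaning SNAT was not applied to them. The capture lines, the addresses in them and the function name are constructed for illustration.

```python
import ipaddress
import re

# Ranges named in the reply: link-local (RFC 3330) and private (RFC 1918).
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "169.254.0.0/16", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Matches "IP src[.port] > dst[.port]:" as printed by `tcpdump -n`.
LINE_RE = re.compile(
    r"\bIP (\d+\.\d+\.\d+\.\d+)(?:\.\d+)? > (\d+\.\d+\.\d+\.\d+)(?:\.\d+)?:")


def leaked_sources(lines):
    """Return (src, dst, network) for each packet whose source is non-public."""
    hits = []
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # ARP, IPv6 or truncated line: nothing to check
        try:
            src = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # malformed address in the capture text
        for net in NON_PUBLIC:
            if src in net:
                hits.append((str(src), m.group(2), str(net)))
                break
    return hits


# Constructed capture lines; 203.0.113.10 stands in for the public address.
SAMPLE = [
    "07:41:02.100 IP 203.0.113.10.43211 > 198.51.100.7.80: Flags [S], length 0",
    "07:41:02.180 IP 198.51.100.7.80 > 203.0.113.10.43211: Flags [S.], length 0",
    "07:43:30.512 IP 169.254.10.5.43211 > 198.51.100.7.80: Flags [F.], length 0",
    "07:43:31.004 ARP, Request who-has 203.0.113.1 tell 203.0.113.10, length 28",
    "07:44:10.250 IP 192.168.1.20 > 198.51.100.7: ICMP echo request, length 64",
]

if __name__ == "__main__":
    for src, dst, net in leaked_sources(SAMPLE):
        print(f"untranslated source {src} -> {dst} (in {net})")
```
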