Why is Linux appearing to do SNAT?
Hi all,
I have a v6-only network at home and decided to install Tayga to provide NAT64.
I have an ADSL router I use for standard v4 internet access, and a Linux IPv6 router box which runs an AYIYA tunnel, radvd, etc.
The ADSL router is a typical off-the-shelf unit running a DHCP server for 192.168.0.0/24.
The Linux router box is ethernetted to this (with address 192.168.0.11), and runs my main wireless network out of its wlan0.
Tayga runs in userspace on my Linux router box and exchanges packets with the Linux networking stack via a TUN device.
It's configured to use a range of temporary IPv4s which it allocates to v6 machines on a temporary basis, as packets are routed through it. The range is 192.168.255.0/24.
So, if I ping6 MY_NAT64_PREFIX::8.8.8.8 from one of my v6-only machines, it's routed to the Tayga TUN interface.
tcpdump on the TUN shows that Tayga responds by pushing out a v4 ICMP packet with source 192.168.255.41 and destination 8.8.8.8.
That's all very well, and what I expect. So we have an ICMP packet, (192.168.255.41 -> 8.8.8.8), coming into the kernel from that TUN device.
Here's the thing: If I then tcpdump eth0, the interface which is sitting on the ADSL router's segment @ 192.168.0.11, we see the ping going off to the ADSL router, but with the source address replaced with that of my router box on the ADSL router's segment, 192.168.0.11!
I know the source address would need to be translated in this way in order to permit the ADSL router to route response messages back; I figured I'd write some iptables rules to do just this. It looks like some part of the kernel is already doing it for me. I currently don't do any NAT on my Linux router box, it just connects the segments, so I've got nothing in iptables that could be doing this.
I'd very much appreciate it if someone could let me know what's going on, and where the switch is to control this behaviour?
Kind Regards,
Lee.
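One way to confirm whether a nat-table rule is actually responsible for the rewrite described above is to feed the output of `iptables-save -t nat` through a small matcher for the packet in question (source 192.168.255.41, destination 8.8.8.8, leaving via eth0). The following is an added example, not code from the original post or from Tayga; the rule text is a constructed sample, and the parser understands only `-s`, `-d`, `-o`, `-j` and `--to-source` (negated matches are rejected rather than guessed at).

```python
import ipaddress
import shlex

# Constructed sample of `iptables-save -t nat` output; not taken from the original post.
SAMPLE_NAT_TABLE = """\
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.255.0/24 -o eth0 -j MASQUERADE
-A POSTROUTING -o ppp0 -j SNAT --to-source 203.0.113.7
COMMIT
"""


def parse_postrouting(text):
    """Return nat/POSTROUTING rules as dicts; only -s/-d/-o/-j/--to-source are understood."""
    rules = []
    for line in text.splitlines():
        if not line.startswith("-A POSTROUTING "):
            continue
        toks = shlex.split(line)[2:]  # drop "-A POSTROUTING"
        rule = {"line": line, "src": None, "dst": None, "out": None, "target": None, "to": None}
        i = 0
        while i < len(toks):
            opt = toks[i]
            if opt == "!":
                raise ValueError("negated matches are not supported: " + line)
            if opt in ("-s", "--source"):
                rule["src"] = ipaddress.ip_network(toks[i + 1], strict=False)
            elif opt in ("-d", "--destination"):
                rule["dst"] = ipaddress.ip_network(toks[i + 1], strict=False)
            elif opt in ("-o", "--out-interface"):
                rule["out"] = toks[i + 1]
            elif opt in ("-j", "--jump"):
                rule["target"] = toks[i + 1]
            elif opt == "--to-source":
                rule["to"] = toks[i + 1]
            i += 2  # every option handled here takes exactly one argument
        rules.append(rule)
    return rules


def rewriting_rules(text, src, dst, oif):
    """Rules whose match fields fit the packet and whose target rewrites the source address."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    hits = []
    for r in parse_postrouting(text):
        if r["src"] is not None and s not in r["src"]:
            continue
        if r["dst"] is not None and d not in r["dst"]:
            continue
        if r["out"] is not None and r["out"] != oif:
            continue
        if r["target"] in ("SNAT", "MASQUERADE"):
            hits.append(r)
    return hits
```

An empty result for the real ruleset means the rewrite is not coming from the nat table, which narrows the search to what else sits between the TUN device and eth0.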