-   Linux - Networking (
-   -   strange NAT problem (

zsoltrenyi 06-12-2006 08:23 AM

strange NAT problem

I have a strange nat problem
I became the administrator of a linux gateway using firehol.

This machine is a gateway for a small subnet /28. I have some DNAT enabled for some users to connect from home to their PC-s at work. Theese users connect to one of the IP's from my subnet. If I issue an iptables -t nat -L -n I can see the rules witch DNAT the traffic from theese users with destination to the local ip-s, but at the SNAT part I see the traffic going outside only SNAT-ed to my gateways IP.

So for example: Let's say I have for my gateway, and a pc behind that gateway. Users from home connect to but theese are beeing DNAT-ed at the gateway to 192.168.X.X (a pc on the network). The problem is that according to iptables everything is SNAT-ed to (the gateways ip).
But this is not true. If I start capturing packets with tcpdump I see that traffic sourced from And the users can connect to their pc's (they connect to and they get replies also from
On the inside interface of the gateway I capture packets sourced from 192.168.x.x and on the outside interface they are sourced from So the nat is done by the gateway.
I checked iptables -t nat and iptables -t mangle but this address doesn't appear there.

Any help would be appreciated. Where else should I check? Firehol is doing something without iptables?

zsoltrenyi 06-14-2006 04:21 AM

I found a problem but I don't know how to fix it.

The Snat is done in a chain called nat.5, and if I try to view that chain with iptables -t nat -n -L nat.5 it says:

Chain nat.5 (12 references)
target prot opt source destination
RETURN all -- anywhere
RETURN all -- anywhere
RETURN all -- anywhere
RETURN all -- anywhere
RETURN all -- anywhere
RETURN all -- anywhere
SNAT all -- anywhere anywhere to:x.x.x.x

So there should be 12 references wright?
But I can see only 7. Does anybody know why?

All times are GMT -5. The time now is 11:22 PM.