LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 04-18-2015, 04:45 AM   #1
bizarrefish
LQ Newbie
 
Registered: Apr 2015
Posts: 5

Rep: Reputation: Disabled
Why is Linux appearing to do SNAT?


Hi all,

I have a v6-only network at home and decided to install Tayga to provide NAT64.

I have an ADSL router I use for standard v4 internet access, and a Linux IPv6 router box which runs an AYIYA tunnel, radvd, etc...


The ADSL router is a typical off-the-shelf unit running a DHCP server for 192.168.0.0/24.
The Linux router box is ethernetted to this (with address 192.168.0.11), and runs my main wireless network out of its wlan0.


Tayga runs in userspace on my Linux router box and exchanges packets with the Linux networking stack via a TUN device.

It's configured to use a range of temporary IPv4s which it allocates to v6 machines on a temporary basis, as packets are routed through it. The range is 192.168.255.0/24.

So, if I ping6 MY_NAT64_PREFIX::8.8.8.8 from one of my v6-only machines, it's routed to the Tayga TUN interface.

tcpdump on the TUN shows that Tayga responds by pushing out a v4 ICMP packet with source: 192.168.255.41, and destination: 8.8.8.8 .

That's all very well, and what I expect. So we have an ICMP packet, (192.168.255.41 -> 8.8.8.8), coming into the kernel from that TUN device.

Here's the thing: If I then tcpdump eth0, the interface which is sitting on the ADSL router's segment @ 192.168.0.11, we see the ping going off to the ADSL router, but with the source address replaced with that of my router box on the ADSL router's segment, 192.168.0.11!

I know the source address would need to be translated in this way in order to permit the ADSL router to route response messages back; I figured I'd write some iptables rules to do just this. It looks like some part of the kernel is already doing it for me. I currently don't do any NAT on my Linux router box, it just connects the segments, so I've got nothing in iptables that could be doing this.

I'd very much appreciate it if someone could let me know what's going on, and where the switch is to control this behaviour?


Kind Regards,
Lee.
 
Old 04-18-2015, 02:38 PM   #2
bizarrefish
LQ Newbie
 
Registered: Apr 2015
Posts: 5

Original Poster
Rep: Reputation: Disabled
I found what was happening!

Debian has an iptables rule as part of the /etc/init.d/tayga script, activated by CONFIGURE_NAT44="yes" in /etc/default/tayga.

It was sitting right at the bottom of the iptables readout in the POSTROUTING section. I must have just repeatedly missed it. heh.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Best Appearing Linux Master Om Linux - Newbie 43 04-17-2014 01:35 PM
Quagga for Linux Routing without SNAT or MASQUERADE. Zepiroth Linux - Networking 1 03-12-2007 11:01 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 10:06 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration