LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 03-21-2011, 08:19 AM   #1
naghi32
Member
 
Registered: Dec 2008
Distribution: Slackware
Posts: 39

Rep: Reputation: 17
Nat-ing, Routing trouble


First of all i want to say hello, i have been reading the forums for a long time and they have helped me alot.
Now with the trouble.

I have the following setup
bridge0 with slaves eth0 and eth1 ( traffic passes thru the bridge basicly unfiltered, and it does cross as xx.xx.xx.1 can see the other machines )
ip_forward and bridge-nf-call-iptables are both activated (1)
on eth0 there is a single ip , which is the gateway ( xx.xx.xx.1)
on eth1 is the rest of the network, xx.xx.xx.x/23
the current server sits between the gateway and the rest of the network to perfom trafic shaping ( and various other stuff )
the current server is NOT the gateway ( it actualy ends in .252 and is set on br0 )

iptables:
FORWARD: policy ACCEPT
INPUT: policy drop, and state RELATED,ESTABLISHED accepted.
input -p tcp/udp --dport 30000 -j ACCEPT

nat table
POSTROUTING:
-s xx.xx.xx.8/32 -d xx.xx.xx.177/32 -j SNAT --to xx.xx.xx.252 ( current server )
PREROUTING:
-p tcp -s xx.xx.xx.8/32 -d xx.xx.xx.252/32 --dport 30000 -j DNAT --to xx.xx.xx.177:80

The Trouble !
All i want is for the above rule to have effect
as the gateway is out of my control ( xx.xx.xx.1 ) i must do nat on the current machine

now the packets enter the prerouting table, the destinations probably gets changed ( unknown )

the packets match the rule ( i see a count for them ) but they do not ever leave the machine.

the postrouting rule never activates, and using tcpdump the packets never get forwarded to the .177 host

Any ideeas ?
I have used tcpdump to watch if the packets leave ANY interface ( actualy i watched them all ) and they do not leave towards the .177 host.

the .177 host is alive and well as i am able to access it manualy.
I am using Slackware 13.1 with the kernel updated to 2.6.37.4 ( the original kernel was 2.6.33.4 )
can it be because of the kernel update ?

I must add that the same rules have worked on a slackware 12.1 with the distro's kernel.

Can it be that i have to add aditional rules to the bridging interface (ebtables) ? ( they're all default )

ps: while i can simply copy/paste firewall codes i prefer pseudo-code.
ps2: my english sucks so please don't flame me about it.
ps3: while i have updated the kernel/modules, nothin else got updated, that includes iptables.

Last edited by naghi32; 03-21-2011 at 08:32 AM.
 
Old 03-22-2011, 04:38 AM   #2
naghi32
Member
 
Registered: Dec 2008
Distribution: Slackware
Posts: 39

Original Poster
Rep: Reputation: 17
I would just like to tell everybody the the problem is fixed.
As i had suspected from the start it was the kernel's fault ( actualy mine )
reverting to the old kernel fixed the problem .

So a message for anybody wanting to upgrade the kernel ... Recompile your applications for that kernel version
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Nat routing DigiCrime Linux - Networking 8 06-18-2010 08:30 PM
trouble ssh-ing to my slackware box plan9 Slackware 16 10-07-2004 11:50 AM
routing through nat booyah Linux - Networking 3 01-17-2004 09:40 PM
real routing under nat routing nothingmuch Linux - Networking 4 10-27-2003 04:11 PM
Routing behind NAT bax *BSD 5 04-26-2003 06:38 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 04:21 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration