From: Herbert Poetzl (herbert_at_13thfloor.at)
Date: Tue 07 Dec 2004 - 17:10:46 GMT
On Tue, Dec 07, 2004 at 07:40:45PM +1030, Darryl Ross wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hey All,
>
> Been fighting with a problem today to do with iptables and SNATing packets.
>
> First a bit of background. At our office we have 2 ISDN links and a
> satellite link for external connectivity. We have a /24 net block routed
> to us via the satellite and use one of the ISDN links for our outbound
> connectivity as well as inbound for a few bits and pieces that are
> latency dependent.
>
> The second ISDN link is purely for running VoIP across for our office
> PBX system. The PBX is Asterisk running inside a vserver on a machine
> inside the network. For simplification of our software maintenance we
> run a standardised kernel on all our machines, which includes the
> vserver patchs.
>
> Anyway, put simply, the problem that I am having is that the following
> rule does not match any packets:
>
> iptables -t nat -A POSTROUTING -s x.x.x.16/32 -j SNAT --to-source y.y.y.y
which packets do you expect it to match?
> I am just in the middle of building a stock kernel to test it, but I am
> expecting that to work as would be expected. The kernel that "doesn't
> work" is 2.4.26-vs1.28 and the version of iptables is 1.2.6a-5.0woody2.
>
> Has anyone come across this before?
no, any tcpdump maybe?
best,
Herbert
> TIA
> Darryl
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.1 (MingW32)
>
> iD8DBQFBtXOV/XQ6DbmPjokRAvhfAJ4giNmnZrf900Sd3cb3BqqJIv20OACeIp3c
> /HFCRhuxzKgfeq0xtwmGWxA=
> =cAG2
> -----END PGP SIGNATURE-----
> _______________________________________________
> Vserver mailing list
> Vserver_at_list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
_______________________________________________
Vserver mailing list
Vserver_at_list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver