From: Hilco Wijbenga (hilco.wijbenga_at_gmail.com)
Date: Mon 05 Sep 2005 - 07:28:53 BST
Thanks for your very fast response, Herbert.
I tried what you suggested but it doesn't seem to make any difference.
Btw, your approach seems to indicate that I need a static IP? Or at
least that I update my firewall rules when my IP changes?
On 9/4/05, Herbert Poetzl <herbert_at_13thfloor.at> wrote:
> your problem is that the guest sends packets with
> a source IP in the private range, but the host does
> not SNAT them to the public IP (and masquerading does
> not apply to host generated packets)
> verify that with 'tcpdump -vvnei eth1 icmp' on the
> host and a 'ping -c 1 184.108.40.206' inside the guest
> you can fix that with an SNAT rule like this:
> iptables -t nat -I POSTROUTING -s A.B.C.1 -j SNAT --to X.Y.Z.W
gargoyle vservers # tcpdump -vvnei eth1 icmp
tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture size 68 bytes
23:13:39.940738 xx:xx:xx:xx:xx:xx > yy:yy:yy:yy:yy:yy, ethertype IPv4
(0x0800), length 98: IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF],
length: 84) A.B.C.2 > 220.127.116.11: icmp 64: echo request seq 1
I get the exact same output (except for the timestamp) after adding
the iptables rule. Did I do something wrong?
Vserver mailing list
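
An added example, not part of the original message: a small Python check for the verification step discussed above. It reassembles wrapped `tcpdump -vvne` records and reports, for each packet seen on the external interface, whether its source was translated and whether the SNAT rule's `-s` value would match it at all (the capture above shows source A.B.C.2, while the suggested rule matches `-s A.B.C.1`). The function names and all addresses (documentation and private ranges) are constructed for illustration.

```python
import ipaddress
import re

# Constructed capture in the shape of `tcpdump -vvnei eth1 icmp` output,
# wrapped across lines the same way as in the mail above.
SAMPLE = """\
23:13:39.940738 00:11:22:33:44:55 > 66:77:88:99:aa:bb, ethertype IPv4
(0x0800), length 98: IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF],
length: 84) 10.0.0.2 > 198.51.100.7: icmp 64: echo request seq 1
23:13:40.941002 00:11:22:33:44:55 > 66:77:88:99:aa:bb, ethertype IPv4
(0x0800), length 98: IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF],
length: 84) 203.0.113.10 > 198.51.100.7: icmp 64: echo request seq 2
"""

TS = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+ ")  # a new record starts with a timestamp
FLOW = re.compile(r"(\d+\.\d+\.\d+\.\d+) > (\d+\.\d+\.\d+\.\d+): icmp")

def records(text):
    """Join wrapped tcpdump lines into one string per packet."""
    cur = []
    for line in text.splitlines():
        if TS.match(line) and cur:
            yield " ".join(cur)
            cur = []
        if line.strip():
            cur.append(line.strip())
    if cur:
        yield " ".join(cur)

def audit(text, public_ip, snat_match):
    """Classify each ICMP packet; snat_match is the rule's -s address or CIDR."""
    public = ipaddress.ip_address(public_ip)
    rule_net = ipaddress.ip_network(snat_match, strict=False)
    out = []
    for m in filter(None, map(FLOW.search, records(text))):
        src = ipaddress.ip_address(m.group(1))
        if src == public:
            verdict = "translated"
        elif src in rule_net:
            verdict = "matches -s but left untranslated"
        else:
            verdict = "not matched by -s"
        out.append((str(src), m.group(2), verdict))
    return out

if __name__ == "__main__":
    print(audit(SAMPLE, "203.0.113.10", "10.0.0.1"))
```
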