NAT problem on 2.2.4

Forum: Linux IP NAT Forum
Date: Wed, 31 Mar 1999 10:25:03 GMT
From: Jan Panoch <jap@post.cz>

I have problem with NAT on 2.2.4 kernel - situation: NAT host: eth0 - 212.27.196.16/24 eth1 - 10.1.6.1/24 config: /sbin/ipnatadm -F /sbin/ipnatadm -I -i -o -P tcp -D 212.27.196.16/32 80 -N 10.1.6.24/32 80 /sbin/ipnatadm -I -i -o -P tcp -S 10.1.6.24/32 80 -M 212.27.196.16/32 80 on internal net - ip 10.1.6.24 is www server which should be present on the internet as 212.27.196.16 (port 80) forwarding in kernel is enabled (echo 1 > ip_forward) problem: packet come from internet, is translated (dest addr) and forwarded to www server on internal net, the response come from www server to NAT host, is translated (src addr), but is NOT FORWARDED to the requestor on the internet!!!! Why???? here is kernel msg for packets translated by NAT: IP NAT in (before) eth0 TCP src:146.102.168.20:1874 dst:212.27.196.16:80 nat-src:0.0.0.0 nat-dst:10.1.6.24:80 L=60 S=0x10 I=58162 F=0x0040 T=58 IP NAT in (after) eth0 TCP src:146.102.168.20:1874 dst:10.1.6.24:80 nat-src:0.0.0.0 nat-dst:10.1.6.24:80 L=60 S=0x10 I=58162 F=0x0040 T=58 IP NAT in (before) eth1 TCP src:10.1.6.24:80 dst:146.102.168.20:1874 nat-src:212.27.196.16:80 nat-dst:0.0.0.0 L=60 S=0x00 I=43828 F=0x0040 T=64 IP NAT in (after) eth1 TCP src:212.27.196.16:80 dst:146.102.168.20:1874 nat-src:212.27.196.16:80 nat-dst:0.0.0.0 L=60 S=0x00 I=43828 F=0x0040 T=64 I try before the same config on 2.0.36 with NAT patch (not from Michal Hassenstein) and this was functional.. But with 2.2.4 and new NAT patch not.. Thanx fro help Jan Panoch jap@globe.cz

Messages Inline: Outline:

1. What about routes, what does tcpdump say by Michael Hasenstein, 3/31/99

1. routes, fw rules etc..., 3/31/99

2. tcpdump, ipchains, 3/31/99

1. not clear, doesn't look like NAT problem by Michael Hasenstein, 4/01/99

2. Problem solved!! by Jan Panoch, 4/08/99

1. I added your patch to the 'official' version by Michael Hasenstein, 4/09/99