Bug 99031 - iptables NAT chain not working with DNAT and SNAT
Status: CLOSED WORKSFORME
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: iptables
Version: 9
Hardware: i686
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Thomas Woerner
QA Contact: Ben Levenson
Keywords: Security
Reported: 2003-07-12 00:50 UTC by Chris
Modified: 2007-04-18 16:55 UTC (History)
Doc Type: Bug Fix
Last Closed: 2003-08-11 09:29:48 UTC

Description Chris 2003-07-12 00:50:31 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2.1) Gecko/20030225

Description of problem:
Red Hat 9 with all patches applied from RHN.

Start iptables with default settings (ACCEPT all) using /etc/init.d/iptables start.

Set rule:
iptables -t nat -A POSTROUTING -o eth0 -p tcp -j SNAT --to-source 172.20.0.248

Ran ethereal to see network traffic and it kept the source as my private ip of
192.168.1.101 rather than changing it to 172.20.0.248. Yes, my ip_forward is set
to 1 in the proc filesystem.

I have tried the exact same steps using Knoppix boot disk and it works fine.

Version-Release number of selected component (if applicable):
iptables-1.2.7a-2

How reproducible:
Always

Steps to Reproduce:
1. In description

Additional info:

Not good when you have firewall rules that worked before, then you perform an
upgrade and your firewall has holes in it now...

Comment 1 Thomas Woerner 2003-07-21 08:05:11 UTC
I have tested this with different kernel and iptables versions and it works for me:

kernel-2.4.20-9 to kernel 2.4.20-18.9
iptables-1.2.7a-2 to iptables-1.2.8-7

I have used tcpdump on 3 machines: source host, mangle host, destination host.

Please check this again.


Comment 2 Mark J. Cox 2003-08-11 09:29:48 UTC
No response from reporter - please reopen this bug if you are able to reproduce
the problem.

Comment 3 Need Real Name 2003-09-04 11:47:08 UTC
I was having similar problems with kernel-2.4.20-20.9 and iptables-1.2.7a-2 --
rules in the nat table didn't seem to work. Upgrading to iptables-1.2.8-9.1
seems to solve the problem.
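
The check that the description and Comment 1 perform by eye (capture on the outbound interface, then compare source addresses) can be scripted. The following is an added example, not part of the bug report or any commenter's code; the capture lines are constructed in modern tcpdump -n text format, and the function names sample_capture and classify_egress are hypothetical.

```shell
#!/bin/sh
# Added example: count TCP packets on the egress interface that left with the
# SNAT address versus those that kept a private source address.

# Constructed sample of `tcpdump -n -i eth0` text output (not real traffic).
sample_capture() {
cat <<'EOF'
10:00:00.000001 IP 172.20.0.248.40112 > 172.20.0.1.80: Flags [S], seq 1, win 5840, length 0
10:00:00.000900 IP 172.20.0.1.80 > 172.20.0.248.40112: Flags [S.], seq 9, ack 2, win 5792, length 0
10:00:01.000001 IP 192.168.1.101.40113 > 172.20.0.1.80: Flags [S], seq 5, win 5840, length 0
10:00:02.000001 IP 192.168.1.101.32770 > 172.20.0.1.53: UDP, length 30
EOF
}

# classify_egress SNAT_ADDR PRIVATE_PREFIX
# Reads tcpdump -n lines on stdin and prints "translated=N untranslated=M".
# Only TCP lines (those carrying "Flags [") are counted, because the rule in
# the report is restricted with -p tcp; a UDP packet keeping its private
# source is expected with that rule and is not a failure.
classify_egress() {
  awk -v snat="$1" -v priv="$2" '
    $2 == "IP" && /Flags \[/ {
      src = $3
      sub(/\.[0-9]+$/, "", src)             # strip the trailing .port
      if (src == snat) t++                  # rewritten by the SNAT rule
      else if (index(src, priv) == 1) u++   # private source escaped untranslated
      # any other source (e.g. replies from the remote host) is ignored
    }
    END { printf "translated=%d untranslated=%d\n", t, u }
  '
}

# Run against the constructed sample. On a live gateway, feed it instead with:
#   tcpdump -n -l -i eth0 tcp | classify_egress 172.20.0.248 192.168.1.
sample_capture | classify_egress 172.20.0.248 192.168.1.
```

A non-zero untranslated count on the outbound interface is the symptom the reporter describes; pass the private prefix with its trailing dot so that 192.168.1. does not also match 192.168.10.x.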

