Bug 99031 - iptables NAT chain not working with DNAT and SNAT
Status: CLOSED WORKSFORME
Product: Red Hat Linux
Classification: Retired
Component: iptables
Version: 9
Hardware: i686 Linux
Priority: medium Severity: medium
Assigned To: Thomas Woerner
QA Contact: Ben Levenson
Keywords: Security
Reported: 2003-07-11 20:50 EDT by Chris
Modified: 2007-04-18 12:55 EDT
Last Closed: 2003-08-11 05:29:48 EDT
Description Chris 2003-07-11 20:50:31 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2.1) Gecko/20030225

Description of problem:
Red Hat 9 with all patches applied from RHN.

Start iptables with default settings (ACCEPT all) using /etc/init.d/iptables start.

Set rule:
iptables -t nat -A POSTROUTING -o eth0 -p tcp -j SNAT --to-source 172.20.0.248

Ran ethereal to see network traffic and it kept the source as my private IP of
192.168.1.101 rather than changing it to 172.20.0.248. Yes, my ip_forward is set
to 1 in the proc filesystem.

I have tried the exact same steps using Knoppix boot disk and it works fine.

Version-Release number of selected component (if applicable):
iptables-1.2.7a-2

How reproducible:
Always

Steps to Reproduce:
1. In description

Additional info:

Not good when you have firewall rules that worked before, then you perform an
upgrade and your firewall has holes in it now...
Comment 1 Thomas Woerner 2003-07-21 04:05:11 EDT
I have tested this with different kernel and iptables versions and it works for me:

kernel-2.4.20-9 to kernel 2.4.20-18.9
iptables-1.2.7a-2 to iptables-1.2.8-7

I have used tcpdump on 3 machines: source host, mangle host, destination host.

Please check this again.
Comment 2 Mark J. Cox (Product Security) 2003-08-11 05:29:48 EDT
No response from reporter - please reopen this bug if you are able to reproduce
the problem.
Comment 3 Need Real Name 2003-09-04 07:47:08 EDT
I was having similar problems with kernel-2.4.20-20.9 and iptables-1.2.7a-2 --
rules in the nat table didn't seem to work. Upgrading to iptables-1.2.8-9.1
seems to solve the problem.
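
The packet-capture check described in Comment 1, as an added example that is not part of the original bug report: it reads `tcpdump -nn` text output taken on the SNAT host's outgoing interface and reports whether TCP packets left with the translated source or still carried the private one. The addresses 192.168.1.101 and 172.20.0.248 come from the report; the function name, the tcpdump line format and the destination 198.51.100.7 are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the bug report. Classifies TCP packets in
# `tcpdump -nn` text output taken on the SNAT host's outgoing interface.
# Usage: snat_check PRIVATE_SRC SNAT_SRC < capture.txt
snat_check() {
    awk -v priv="$1" -v nat="$2" '
    # Turn an "a.b.c.d.port" token into "a.b.c.d".
    function addr(tok) { sub(/:$/, "", tok); sub(/\.[0-9]+$/, "", tok); return tok }
    # Only TCP lines carry "Flags ["; the rule in the report is -p tcp.
    $2 == "IP" && $4 == ">" && /Flags \[/ {
        src = addr($3)
        if (src == nat) translated++          # rewritten by the SNAT rule
        else if (src == priv) untranslated++  # left the box with the private IP
    }
    END {
        verdict = "no-traffic"
        if (untranslated > 0) verdict = "leak"
        else if (translated > 0) verdict = "ok"
        printf "translated=%d untranslated=%d verdict=%s\n", translated, untranslated, verdict
    }'
}

# Constructed captures (assumed modern tcpdump line format; 198.51.100.7 is a
# documentation address standing in for the destination host).
sample_broken() {
cat <<'EOF'
20:51:02.100001 IP 192.168.1.101.32768 > 198.51.100.7.80: Flags [S], seq 100, win 5840, length 0
20:51:05.100002 IP 192.168.1.101.32768 > 198.51.100.7.80: Flags [S], seq 100, win 5840, length 0
20:51:06.200000 IP 192.168.1.101.1025 > 198.51.100.7.53: UDP, length 30
EOF
}

sample_working() {
cat <<'EOF'
20:51:02.100001 IP 172.20.0.248.32768 > 198.51.100.7.80: Flags [S], seq 100, win 5840, length 0
20:51:02.100900 IP 198.51.100.7.80 > 172.20.0.248.32768: Flags [S.], seq 900, ack 101, win 5792, length 0
20:51:02.101000 IP 172.20.0.248.32768 > 198.51.100.7.80: Flags [.], ack 1, win 5840, length 0
EOF
}

sample_broken  | snat_check 192.168.1.101 172.20.0.248
sample_working | snat_check 192.168.1.101 172.20.0.248
```

The nat table is consulted only for the first packet of a connection, so run the check against a connection opened after the rule was added; flows already tracked by conntrack keep their earlier mapping.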
