First Last Prev Next    This bug is not in your last search results.
Bug 99031 - iptables NAT chain not working with DNAT and SNAT
iptables NAT chain not working with DNAT and SNAT
Status: CLOSED WORKSFORME
Product: Red Hat Linux
Classification: Retired
Component: iptables (Show other bugs)
9
i686 Linux
medium Severity medium
: ---
: ---
Assigned To: Thomas Woerner
Ben Levenson
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2003-07-11 20:50 EDT by Chris
Modified: 2007-04-18 12:55 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2003-08-11 05:29:48 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Chris 2003-07-11 20:50:31 EDT 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2.1) Gecko/20030225

Description of problem:
Redhat 9 with all patches applied from RHN. 

Start IPtables with default settings (ACCEPT all) using /etc/init.d/iptables start.

Set rule 
iptables -t nat -A POSTROUTING -o eth0 -p tcp -j SNAT --to-source 172.20.0.248

Ran ethereal to see network traffic and it kept the source as my private ip of
192.168.1.101 rather than changing it to 172.20.0.248. Yes my ip_forward is set
to 1 in the proc filesystem.

I have tried the exact same steps using Knoppix boot disk and it works fine.

Version-Release number of selected component (if applicable):
iptables-1.2.7a-2

How reproducible:
Always

Steps to Reproduce:
1.in description
2.
3.
    

Additional info:

Not good when you have firewall rules that worked before then you perform an
upgrade and your firewall has holes in it now...
Comment 1 Thomas Woerner 2003-07-21 04:05:11 EDT 
I have tested this with different kernel and iptables versions and it works for me:

kernel-2.4.20-9 to kernel 2.4.20-18.9
iptables-1.2.7a-2 to iptables-1.2.8-7

I have used tcpdump on 3 machines: source host, mangle host, destination host.

Please check this again.
Comment 2 Mark J. Cox (Product Security) 2003-08-11 05:29:48 EDT 
no response from reporter - please reopen this bug if you are able to reproduce
the problem.
Comment 3 Need Real Name 2003-09-04 07:47:08 EDT 
I was having similar problems with kernel-2.4.20-20.9 and iptables-1.2.7a-2 --
rules in the nat table didn't seem to work. Upgrading to iptables-1.2.8-9.1
seems to solve the problem.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.