On 20/01/2016 19:55, Steve Clark wrote:
So I want traffic coming in eth5 with 10.10.0.x addresses to be source natted to 192.168.100.3. But my iptables nat statement never gets hit.
Chain POSTROUTING (policy ACCEPT 172 packets, 31384 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 SNAT       all  --  *      xbrdg0  0.0.0.0/0            0.0.0.0             to:192.168.100.3
   29  1933 MASQUERADE all  --  *      tun+    0.0.0.0/0            0.0.0.0/0
# ping -I 10.10.0.1 8.8.8.8
First you should try to match without SNAT at all, with a simple log target, and see if it matches. I would start with:

iptables -t nat -I POSTROUTING -s 10.0.0.1 -o xbrdg0 -j LOG --log-prefix "Should-SNAT: " --log-level 4

And then:

iptables -t nat -I POSTROUTING -s 10.0.0.1 -o xbrdg0 -j SNAT --to-source 192.168.100.3

And see what happens. Also, there might be something about this bridge's settings, and it may need the "-o eth1", but it would be a bit weird.
Eliezer
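
A complementary check to the LOG-rule test suggested above, added here as an example and not taken from the thread: it reads a verbose numeric NAT listing and reports every rule whose packet counter is still 0, together with the fields that rule matches on. It goes slightly beyond the reply by also flagging a source or destination printed without a /mask, which in `-n` output is a single-host match rather than "any". The function names are hypothetical and the sample listing is constructed from the output quoted in the thread.

```shell
#!/bin/sh
# Constructed sample: the POSTROUTING listing quoted in the thread,
# laid out one rule per line as `iptables -t nat -L POSTROUTING -v -n` prints it.
sample_listing() {
cat <<'EOF'
Chain POSTROUTING (policy ACCEPT 172 packets, 31384 bytes)
 pkts bytes target     prot opt in  out    source      destination
    0     0 SNAT       all  --  *   xbrdg0 0.0.0.0/0   0.0.0.0      to:192.168.100.3
   29  1933 MASQUERADE all  --  *   tun+   0.0.0.0/0   0.0.0.0/0
EOF
}

# audit_nat_listing (hypothetical helper): read a -v -n chain listing on stdin
# and print one "never-hit" line per rule with a zero packet counter.
audit_nat_listing() {
    awk '
    # Skip the chain banner, the column header and blank or short lines.
    $1 == "Chain" || $1 == "pkts" || NF < 9 { next }
    $1 == 0 {
        printf "never-hit: target=%s in=%s out=%s src=%s dst=%s\n", $3, $6, $7, $8, $9
        # With -n, "any address" is printed as 0.0.0.0/0. An address shown
        # with no /mask is a /32, so the rule only matches that one host.
        if ($8 !~ /\//) printf "  note: src %s has no mask, host-only match\n", $8
        if ($9 !~ /\//) printf "  note: dst %s has no mask, host-only match\n", $9
    }
    '
}

# Run against the constructed sample; on a live host, pipe the real listing in:
#   iptables -t nat -L POSTROUTING -v -n | audit_nat_listing
sample_listing | audit_nat_listing
```
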