[CentOS] Regd: Iptables SNAT issue in Cluster Suite Setup

Fri Dec 21 14:28:36 UTC 2007
Balaji <balajisundar at midascomm.com>

Dear All,

I have configured Cluster Suite with 2 servers
   Server 1 : 192.168.13.110 IP Address
   Server 2 : 192.168.13.179 IP Address
   Floating : 192.168.13.83 IP Address (Assumed by currently active server)

I want all snmp packets going out through the active server to be 
stamped with floating IP
So i have added a iptables rules as
   "iptables -t nat -A POSTROUTING -p udp -s 192.168.13.179  --dport 161 
-j SNAT --to-source 192.168.13.83:161
     iptables -t nat -A POSTROUTING -p udp -s 192.168.13.110  --dport 
161 -j SNAT --to-source 192.168.13.83:161"

I have written a script to continuously poll an agent using snmpgetnext.
This script works for some time and then snmpgetnext fails giving the 
following message
   "Fri Dec 21 19:10:20 IST 2007 SNMPv2-SMI::enterprises.3769.1.2.3.1.0 
= ""
     Fri Dec 21 19:10:20 IST 2007 SNMPv2-SMI::enterprises.3769.1.2.3.1.0 
= ""
     Fri Dec 21 19:10:20 IST 2007 SNMPv2-SMI::enterprises.3769.1.2.3.1.0 
= ""
     Fri Dec 21 19:10:20 IST 2007 SNMPv2-SMI::enterprises.3769.1.2.3.1.0 
= ""
     Fri Dec 21 19:10:21 IST 2007 SNMPv2-SMI::enterprises.3769.1.2.3.1.0 
= ""
     snmpgetnext: Failure in sendto (Operation not permitted)
     Fri Dec 21 19:10:21 IST 2007
     snmpgetnext: Failure in sendto (Operation not permitted)
     Fri Dec 21 19:10:21 IST 2007
     snmpgetnext: Failure in sendto (Operation not permitted)
     Fri Dec 21 19:10:21 IST 2007
     snmpgetnext: Failure in sendto (Operation not permitted)
     Fri Dec 21 19:10:21 IST 2007

     snmpgetnext: Failure in sendto (Operation not permitted)
     Fri Dec 21 19:13:20 IST 2007
     snmpgetnext: Failure in sendto (Operation not permitted)
     Fri Dec 21 19:13:20 IST 2007
     snmpgetnext: Failure in sendto (Operation not permitted)
     Fri Dec 21 19:13:21 IST 2007
     snmpgetnext: Failure in sendto (Operation not permitted)
     Fri Dec 21 19:13:21 IST 2007
     snmpgetnext: Failure in sendto (Operation not permitted)
     Fri Dec 21 19:13:21 IST 2007
     Fri Dec 21 19:13:21 IST 2007 SNMPv2-SMI::enterprises.3769.1.2.3.1.0 
= ""
     Fri Dec 21 19:13:21 IST 2007 SNMPv2-SMI::enterprises.3769.1.2.3.1.0 
= ""
     Fri Dec 21 19:13:21 IST 2007 SNMPv2-SMI::enterprises.3769.1.2.3.1.0 
= ""
     Fri Dec 21 19:13:21 IST 2007 SNMPv2-SMI::enterprises.3769.1.2.3.1.0 
= ""
     Fri Dec 21 19:13:21 IST 2007 SNMPv2-SMI::enterprises.3769.1.2.3.1.0 
= ""   "

If i remove the above iptables rule it works continuously and if i 
restarted iptables (with rule)  then it works for some time
and before the same problem repeats

Can some one throw light on this particular problem

Regards
S.Balaji

P.S: Same thing happen when a rule for rsync, ssh and telnet
      i.e they works some time and some times does not
      e.g rsync,ssh and telnet iptables SNAT rule
            "iptables -t nat -A POSTROUTING -p tcp -s 192.168.13.179  
--dport 873 -j SNAT --to-source 192.168.13.83:873
              iptables -t nat -A POSTROUTING -p tcp -s 192.168.13.179  
--dport 22 -j SNAT --to-source 192.168.13.83:22
              iptables -t nat -A POSTROUTING -p tcp -s 192.168.13.179  
--dport 23 -j SNAT --to-source 192.168.13.83:23"
              rsync Success message is
               "receiving file list ... done
                 Log/
                 Log/20070619.dbg.zip
                 Log/20070619.log.zip
                 Log/20070620.dbg.zip
                 Log/20070620.log.zip
                 Log/20070621.dbg.zip
                 Log/20070621.log.zip
                 sent 190 bytes  received 211940 bytes  84852.00 bytes/sec
                 total size is 211421  speedup is 1.00"
               rsync Failure message is
              "rsync: failed to connect to 192.168.13.100: Connection 
timed out (110)
                rsync error: error in socket IO (code 10) at 
clientserver.c(94) "
              *ssh Failure *Message is
              "ssh: connect to host 192.168.13.100 port 22: Connection 
timed out"
              telnet Failure Message is
              "telnet: connect to address 192.168.13.100: Connection 
timed out"