[CentOS] snat packet going out a bridge

Thu Jan 21 22:34:48 UTC 2016
Eliezer Croitoru <eliezer at ngtech.co.il>

On 20/01/2016 19:55, Steve Clark wrote:
>
> So I want traffic coming in eth5 with 10.10.0.x addresses to be source
> natted to 192.168.100.3.
> But my iptables nat statement never gets hit.
>
> Chain POSTROUTING (policy ACCEPT 172 packets, 31384 bytes)
>   pkts bytes target      prot opt in     out     source       destination
>      0     0 SNAT        all  --  *      xbrdg0  0.0.0.0/0    0.0.0.0        to:192.168.100.3
>     29  1933 MASQUERADE  all  --  *      tun+    0.0.0.0/0    0.0.0.0/0
>
> # ping -I 10.10.0.1 8.8.8.8

First you should try to match without SNAT at all with a simple log 
target and see if it matches.
I would start with:
iptables -t nat -I POSTROUTING -s 10.0.0.1 -o xbrdg0 -j LOG --log-prefix "Should-SNAT: " --log-level 4

And then:
iptables -t nat -I POSTROUTING -s 10.0.0.1 -o xbrdg0 -j SNAT --to-source 192.168.100.3

And see what happens.
Also, there might be something about this bridge's settings, and it may
need the "-o eth1", but that would be a bit weird.

Eliezer
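
Added example (not part of the original message): a small shell helper for reading what a LOG rule with the "Should-SNAT: " prefix writes to the kernel log, counting hits per outgoing interface, source and destination. The function names and the sample log lines are constructed; the samples assume the LOG rule was inserted without the -o match, so the interface the packet really leaves on shows up in OUT=.

```shell
#!/bin/sh
# Added example. Reads kernel log text on stdin and prints
# "count OUT SRC DST" for every line produced by the LOG rule with PREFIX.
# Note: the nat table is only traversed by the first packet of a connection,
# so one ping run yields one log line, not one per echo request.
summarize_log_hits() {
    prefix=$1
    awk -v prefix="$prefix" '
        index($0, prefix) == 0 { next }      # line is not from our LOG rule
        {
            out = src = dst = "-"
            for (i = 1; i <= NF; i++) {
                if      ($i ~ /^OUT=/) out = substr($i, 5)
                else if ($i ~ /^SRC=/) src = substr($i, 5)
                else if ($i ~ /^DST=/) dst = substr($i, 5)
            }
            if (out == "") out = "-"         # OUT= is empty when no egress device
            hits[out " " src " " dst]++
        }
        END { for (k in hits) print hits[k], k }
    ' | sort -k1,1nr -k2
}

# Constructed sample lines in the layout the kernel LOG target uses.
sample_log() {
cat <<'EOF'
Jan 21 22:40:01 gw kernel: Should-SNAT: IN= OUT=xbrdg0 SRC=10.10.0.1 DST=8.8.8.8 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=4242 SEQ=1
Jan 21 22:40:09 gw kernel: Other-Rule: IN=eth5 OUT= SRC=10.10.0.7 DST=10.10.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=11 DF PROTO=TCP SPT=40000 DPT=22
Jan 21 22:41:30 gw kernel: Should-SNAT: IN= OUT=xbrdg0 SRC=10.10.0.1 DST=8.8.8.8 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=4250 SEQ=1
Jan 21 22:42:02 gw kernel: Should-SNAT: IN= OUT=eth1 SRC=10.10.0.1 DST=8.8.8.8 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=4251 SEQ=1
EOF
}

# On a live system, feed it the kernel log instead, e.g.:
#   dmesg | summarize_log_hits "Should-SNAT: "
sample_log | summarize_log_hits "Should-SNAT: "
```

No output at all means the LOG rule never matched, in which case the SNAT rule with the same match options will not match either.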