[CentOS] snat packet going out a bridge
Eliezer Croitoru
eliezer at ngtech.co.il
Thu Jan 21 22:34:48 UTC 2016
On 20/01/2016 19:55, Steve Clark wrote:
>
> So I want traffic coming in eth5 with 10.10.0.x addresses to be source
> natted to 192.168.100.3.
> But my iptables nat statement never gets hit.
>
> Chain POSTROUTING (policy ACCEPT 172 packets, 31384 bytes)
> pkts bytes target prot opt in out source
> destination
> 0 0 SNAT all -- * xbrdg0 0.0.0.0/0
> 0.0.0.0 to:192.168.100.3
> 29 1933 MASQUERADE all -- * tun+ 0.0.0.0/0
> 0.0.0.0/0
>
> # ping -I 10.10.0.1 8.8.8.8
First you should try to match without SNAT at all with a simple log
target and see if it matches.
I would start with:
iptables -t nat -I POSTROUTING -s 10.0.0.1 -o xbrdg0 -j LOG --log-prefix
"Should-SNAT: " --log-level 4
And then:
iptables -t nat -I POSTROUTING -s 10.0.0.1 -o xbrdg0 -j SNAT --to-source
192.168.100.3
And see what happens.
Also there might be something about this bridge settings and it maybe
needs the "-o eth1" but it would be a bit weird.
Eliezer
More information about the CentOS
mailing list