[CentOS] snat packet going out a bridge

Thu Jan 21 22:34:48 UTC 2016
Eliezer Croitoru <eliezer at ngtech.co.il>

On 20/01/2016 19:55, Steve Clark wrote:
> So I want traffic coming in eth5 with 10.10.0.x addresses to be source
> natted to
> But my iptables nat statement never gets hit.
> Chain POSTROUTING (policy ACCEPT 172 packets, 31384 bytes)
>   pkts bytes target     prot opt in     out source
> destination
>      0     0 SNAT       all  --  *      xbrdg0
>             to:
>     29  1933 MASQUERADE  all  --  *      tun+
> # ping -I

First you should try to match without SNAT at all with a simple log 
target and see if it matches.
I would start with:
iptables -t nat -I POSTROUTING -s -o xbrdg0 -j LOG --log-prefix "Should-SNAT: " --log-level 4

And then:
iptables -t nat -I POSTROUTING -s -o xbrdg0 -j SNAT --to-source

And see what happens.
Also, there might be something about this bridge's settings, and it may 
need the "-o eth1", but it would be a bit weird.
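
Added example, not part of the original message: a small shell helper that summarizes kernel log lines carrying the "Should-SNAT: " prefix by outgoing interface, bridge port (PHYSOUT, when the kernel logs one) and source address, to help decide whether the rule should match on "-o xbrdg0" or "-o eth1". The function names, host name and sample log lines are constructed for illustration, and the destination addresses come from the 192.0.2.0/24 documentation range.

```shell
#!/bin/sh
# Constructed sample of netfilter LOG output (not taken from the thread).
# The last line belongs to a different, hypothetical rule and must be ignored.
sample_log() {
cat <<'EOF'
Jan 21 22:40:01 gw kernel: Should-SNAT: IN= OUT=xbrdg0 PHYSOUT=eth1 SRC=10.10.0.5 DST=192.0.2.10 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=4660 SEQ=1
Jan 21 22:40:02 gw kernel: Should-SNAT: IN= OUT=xbrdg0 PHYSOUT=eth1 SRC=10.10.0.5 DST=192.0.2.10 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=4660 SEQ=2
Jan 21 22:40:03 gw kernel: Should-SNAT: IN= OUT=xbrdg0 SRC=10.10.0.7 DST=192.0.2.20 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4242 DF PROTO=TCP SPT=40000 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0
Jan 21 22:40:04 gw kernel: Other-Rule: IN=eth5 OUT= SRC=10.10.0.9 DST=192.0.2.30 LEN=60 PROTO=TCP SPT=40001 DPT=22
EOF
}

# Read log lines on stdin and print "<count> <OUT> <PHYSOUT> <SRC>" for every
# distinct combination seen on lines that carry the LOG prefix.
# "-" stands for a field that is absent or empty.
summarize_should_snat() {
    awk -v prefix="Should-SNAT: " '
        index($0, prefix) {
            out = "-"; phys = "-"; src = "-"
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^OUT=/)     { v = substr($i, 5); if (v != "") out = v }
                if ($i ~ /^PHYSOUT=/) { v = substr($i, 9); if (v != "") phys = v }
                if ($i ~ /^SRC=/)     { v = substr($i, 5); if (v != "") src = v }
            }
            count[out " " phys " " src]++
        }
        END { for (k in count) print count[k], k }
    ' | LC_ALL=C sort -k2
}

# Stand-alone run over the constructed sample.
sample_log | summarize_should_snat
```

On a live system, pipe `dmesg` or the syslog file into `summarize_should_snat` after sending test traffic; no output at all means the LOG rule itself never matched.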