
SNAT does wrong port mapping?



Hello

I have a host with two ethernet addresses A and B. From another host I 
try to connect to B over the interface from A to make snmp queries:
        ------         ------
        client ------- A    B---
        ------        ------
Now the packets are successfully forwarded from the A interface to the B
interface. The snmpd creates a reply packet, but this then originates from
the address of interface A! This is a problem for me because my firewall
doesn't find an established/related connection in its conntrack table for
it.

I tried to SNAT the outgoing packets with:
   iptables -t nat -A POSTROUTING -p udp --sport 161 -j SNAT --to-source 10.0.0.42
but then either the srcport is changed to an arbitrary value, causing the
firewall to block the packet, or, if I write "--to 10.0.0.42:161", no
packet is sent, although the POSTROUTING rule count increases and
/proc/net/ip_conntrack shows a seemingly correct entry:
	udp      17 29 src=212.117.68.10 dst=10.0.0.42 sport=51558
	dport=161 [UNREPLIED] src=10.0.0.42 dst=212.117.68.10 sport=161 
	dport=51558 use=1 

 
Does anybody have a clue about this?


My goal was a host with many IPs (a router) which can be accessed by only
one IP that is independent of any real interface connection and that
makes connections using only this very same IP (important for ACLs on other
hosts).

-christian-
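An added example, not part of the post above: a small parser for the old-style /proc/net/ip_conntrack lines quoted in the mail that splits each entry into its original and reply tuples and names what NAT changed on the reply side (source address, source port, or nothing yet because the entry is still [UNREPLIED]). The sample input is constructed; its first line is the entry from the post, the second is a made-up entry where SNAT rewrote the reply source port.

```python
import re
from dataclasses import dataclass, field

# Constructed sample of old-style /proc/net/ip_conntrack output. The first line is the
# entry quoted in the post; the second is a made-up entry in which SNAT has rewritten
# the reply source port (the "arbitrary value" case described in the mail).
SAMPLE = (
    "udp      17 29 src=212.117.68.10 dst=10.0.0.42 sport=51558 dport=161 "
    "[UNREPLIED] src=10.0.0.42 dst=212.117.68.10 sport=161 dport=51558 use=1\n"
    "udp      17 29 src=212.117.68.10 dst=10.0.0.42 sport=51558 dport=161 "
    "src=10.0.0.42 dst=212.117.68.10 sport=1024 dport=51558 use=1\n"
)

KV = re.compile(r"^(\w+)=(\S+)$")

@dataclass
class Entry:
    proto: str
    orig: dict = field(default_factory=dict)   # tuple of the first packet seen
    reply: dict = field(default_factory=dict)  # tuple a reply is expected to carry
    unreplied: bool = False

def parse_conntrack(text):
    """Parse each line into an Entry; the second 'src=' token starts the reply tuple."""
    entries = []
    for line in text.splitlines():
        toks = line.split()
        if not toks:
            continue
        e = Entry(proto=toks[0], unreplied="[UNREPLIED]" in toks)
        cur = e.orig
        for tok in toks[1:]:
            m = KV.match(tok)
            if not m:
                continue                        # skip timeout, state, flags
            k, v = m.groups()
            if k == "src" and cur is e.orig and "src" in cur:
                cur = e.reply                   # reply tuple begins here
            cur[k] = v
        entries.append(e)
    return entries

def diagnose(e):
    """Compare the reply tuple with the original one and name what NAT changed."""
    issues = []
    if e.unreplied:
        issues.append("unreplied")              # no packet seen in the reply direction
    if e.reply.get("src") != e.orig.get("dst"):
        issues.append("reply-src-rewritten")    # reply would leave from another address
    if e.reply.get("sport") != e.orig.get("dport"):
        issues.append("reply-sport-rewritten")  # source port is no longer 161
    return issues
```

Run over the real file, an entry flagged "reply-sport-rewritten" is exactly the case where a stateful firewall in the path will not match the reply to the client's request.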

