[lug] Iptables

Dan Ferris dan at usrsbin.com
Thu Aug 3 15:20:08 MDT 2006


Hello list,

I have the following in an iptables setup:
Chain PREROUTING (policy ACCEPT 41 packets, 4193 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DNAT       all  --  *      *       0.0.0.0/0            204.184.20.221      to:10.2.253.21
    0     0 DNAT       all  --  *      *       0.0.0.0/0            204.184.20.222      to:10.2.253.22
    0     0 DNAT       all  --  *      *       0.0.0.0/0            204.184.20.227      to:10.2.253.27
    0     0 DNAT       all  --  *      *       0.0.0.0/0            204.184.20.228      to:10.2.253.28
    0     0 DNAT       all  --  *      *       0.0.0.0/0            204.184.20.229      to:10.2.253.29
    0     0 DNAT       all  --  *      *       0.0.0.0/0            204.184.20.233      to:10.2.253.33
    0     0 DNAT       all  --  *      *       0.0.0.0/0            204.184.20.234      to:10.2.253.34
    0     0 DNAT       all  --  *      *       0.0.0.0/0            204.184.20.235      to:10.2.253.35
    0     0 DNAT       all  --  *      *       0.0.0.0/0            204.184.20.240      to:10.2.253.240
    0     0 DNAT       all  --  *      *       0.0.0.0/0            204.184.20.202      to:10.2.253.202
    0     0 DNAT       all  --  *      *       0.0.0.0/0            204.184.21.115      to:10.2.253.115
    0     0 DNAT       all  --  *      *       0.0.0.0/0            204.184.21.118      to:10.2.253.118

Chain POSTROUTING (policy ACCEPT 3 packets, 204 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 SNAT       all  --  *      *       10.2.253.253         0.0.0.0/0           to:204.184.20.253
    0     0 SNAT       all  --  *      *       10.2.253.21          0.0.0.0/0           to:204.184.20.221
    0     0 SNAT       all  --  *      *       10.2.253.22          0.0.0.0/0           to:204.184.20.222
    0     0 SNAT       all  --  *      *       10.2.253.27          0.0.0.0/0           to:204.184.20.227
    0     0 SNAT       all  --  *      *       10.2.253.28          0.0.0.0/0           to:204.184.20.228
    0     0 SNAT       all  --  *      *       10.2.253.29          0.0.0.0/0           to:204.184.20.229
    0     0 SNAT       all  --  *      *       10.2.253.33          0.0.0.0/0           to:204.184.20.233
    0     0 SNAT       all  --  *      *       10.2.253.34          0.0.0.0/0           to:204.184.20.234
    0     0 SNAT       all  --  *      *       10.2.253.35          0.0.0.0/0           to:204.184.20.235
    0     0 SNAT       all  --  *      *       10.2.253.240         0.0.0.0/0           to:204.184.20.240
    0     0 SNAT       all  --  *      *       10.2.253.202         0.0.0.0/0           to:204.184.20.204
    0     0 SNAT       all  --  *      *       10.2.253.115         0.0.0.0/0           to:204.184.21.115
    0     0 SNAT       all  --  *      *       10.2.253.118         0.0.0.0/0           to:204.184.21.118

Of course, the issue is that NOTHING will NAT properly.  In fact, those 
rules are NEVER hit at all.  I watch with a sniffer and I can see the 
traffic come into the proper interfaces, but nothing ever happens.  This 
problem is getting very confusing and frustrating, so any suggestions 
would be appreciated.

Thanks,

Dan


