[tproxy] failure to apply snat mapping?

Lennert Buytenhek buytenh@wantstofly.org
Fri, 23 Apr 2004 12:03:38 +0200


On Fri, Apr 23, 2004 at 11:59:43AM +0200, KOVACS Krisztian wrote:

>   Hi,

Hello,


> > Let's say that I have an app that connects to IP address 1.2.3.4, and uses
> > tproxy to fake the source address as 5.6.7.8.  Bind the socket, then call
> > into tproxy, and then connect() and ta da -- everything works as expected.
> > 
> > Now I decide that that app should not connect to 1.2.3.4, but instead to
> > 1.2.3.5.  I don't want to modify the source and restart it, so I add a nat
> > rule in the iptables nat/OUTPUT chain to DNAT the address to 1.2.3.5.
> > 
> > The app now (unknowingly) connects to 1.2.3.5, that works fine.  But.. the
> > source address used for the connection is now the source address of the box
> > and no longer 5.6.7.8? :((
> 
>   Do you have "NAT of local connections" enabled or disabled?

[ ... ]
CONFIG_IP_NF_TARGET_MIRROR=m
CONFIG_IP_NF_NAT=m
CONFIG_IP_NF_NAT_NEEDED=y
CONFIG_IP_NF_NAT_SNMP_BASIC=m
CONFIG_IP_NF_NAT_LOCAL=m		<== enabled?
CONFIG_IP_NF_TARGET_MASQUERADE=m
CONFIG_IP_NF_TARGET_ULOG=m
[ ... ]


--L