[tproxy] failure to apply snat mapping?
Lennert Buytenhek
buytenh@wantstofly.org
Fri, 23 Apr 2004 12:03:38 +0200
On Fri, Apr 23, 2004 at 11:59:43AM +0200, KOVACS Krisztian wrote:
> Hi,
Hello,
> > Let's say that I have an app that connects to IP address 1.2.3.4, and uses
> > tproxy to fake the source address as 5.6.7.8. Bind the socket, then call
> > into tproxy, and then connect() and ta da -- everything works as expected.
> >
> > Now I decide that that app should not connect to 1.2.3.4, but instead to
> > 1.2.3.5. I don't want to modify the source and restart it, so I add a nat
> > rule in the iptables nat/OUTPUT chain to DNAT the address to 1.2.3.5.
> >
> > The app now (unknowingly) connects to 1.2.3.5, that works fine. But... the
> > source address used for the connection is now the source address of the box
> > and not anymore 5.6.7.8? :((
>
> Do you have "NAT of local connections" enabled or disabled?
[ ... ]
CONFIG_IP_NF_TARGET_MIRROR=m
CONFIG_IP_NF_NAT=m
CONFIG_IP_NF_NAT_NEEDED=y
CONFIG_IP_NF_NAT_SNMP_BASIC=m
CONFIG_IP_NF_NAT_LOCAL=m <== enabled?
CONFIG_IP_NF_TARGET_MASQUERADE=m
CONFIG_IP_NF_TARGET_ULOG=m
[ ... ]
--L