Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. iptables>
  3. User
Sometimes SNAT is not working
manish.jain at globallogic
Aug 27, 2007, 1:35 AM
Post #1 of 2 (1592 views)
Permalink
Hello,

I am using some internal IPs (169.254.x.x) on my box and then performing
SNAT and DNAT from/to this IP to/from actual public IP.

It has been observed that sometimes SNAT does not work and internal IP
exposed to outside world.

Please share your experiences. Whether it has to do with connection
tracking in some way or other?

Best Regards,
Manish Jain
Re: Sometimes SNAT is not working [ In reply to ]
pascal.mail at plouf
Aug 27, 2007, 7:41 AM
Post #2 of 2 (1501 views)
Permalink
Hello,

Manish Jain a écrit :
>
> I am using some internal IPs (169.254.x.x) on my box and then performing
> SNAT and DNAT from/to this IP to/from actual public IP.

Note : you should consider using an address range other that
169.254.0.0/16 which is reserved for non routable link local
communications (see RFC 3330). You could use a private address range in
10.0.0.0/8, 172.16.0.0/12 or 192.168.0.0/16 (see RFC 1918) instead.

> It has been observed that sometimes SNAT does not work and internal IP
> exposed to outside world.
>
> Please share your experiences. Whether it has to do with connection
> tracking in some way or other?

Probably. NAT does not work on packets in the INVALID or NOTRACK state.

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal