Re: Entirely ignoring TCP and UDP checksum in kernel level

[Brad Campbell]

Josan Kadett wrote:
> I am still persistent on the fact that NAT should work with this sense.
>
> I just enable NAT with the following command
>
> iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to 192.168.1.5
>
> This IP 192.168.1.5 is our patched linux server which is allowed to acccess
> 192.168.1.77
>
> Now all protocols in the linux system is working fine as ever, and even ping
> sent to 192.168.77.1 returns from 192.168.77.1 that is visible in the
> presumably lowest layer of network stack (as tcpdump also sees it that way).
>
> However; the client on the interface eth0 which has the IP address of
> 192.168.0.30 gets its IP address translated to 192.168.1.5, the ping is sent
> and a response is received (tcpdump shows it)

Are you trying to ping 192.168.77.1 from 192.168.0.30?

Can you give me an iptables -L -n -t nat, ifconfig and route -n from the patched box and also route 
-n and ifconfig from the dummy client at 192.168.0.30 so I can try and get a handle on what you are 
doing and how it all is supposed to work?

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/