Forwarding UDP Packets using SNAT

I am trying to do the following

192.168.1.1
A --------------- B
192.168.1.2 | 10.1.1.127
|
C (10.1.1.1)

UDP packets from 10.1.1.1 need to be forwarded to 192.168.1.2. The
destination address on the UDP packets is 192.168.1.2. I can see that
packets are being received succesffuly on eth1 of Device B. However,
it is not forwarded to Device A.

My iptables rules are as follows :

echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -P INPUT ACCEPT
iptables -F INPUT
iptables -P OUTPUT ACCEPT
iptables -F OUTPUT
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -t nat -F

iptables -A FORWARD -i eth0 -o eth1 -m state -j ACCEPT
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
iptables -A FORWARD -j LOG
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 192.168.1.1

Can anyone show me where the mistake lies ?

(E-Mail Removed) wrote:
> I am trying to do the following
>
> 192.168.1.1
> A --------------- B
> 192.168.1.2 | 10.1.1.127
> |
> C (10.1.1.1)
>
> UDP packets from 10.1.1.1 need to be forwarded to 192.168.1.2. The
> destination address on the UDP packets is 192.168.1.2. I can see that
> packets are being received succesffuly on eth1 of Device B. However,
> it is not forwarded to Device A.
>
> My iptables rules are as follows :
>
> echo "1" > /proc/sys/net/ipv4/ip_forward
> iptables -P INPUT ACCEPT
> iptables -F INPUT
> iptables -P OUTPUT ACCEPT
> iptables -F OUTPUT
> iptables -P FORWARD DROP
> iptables -F FORWARD
> iptables -t nat -F
>
> iptables -A FORWARD -i eth0 -o eth1 -m state -j ACCEPT

this rule seems to be wrong, should be like
iptables -A FORWARD -i eth0 -o eth1 -m state ESTABLISHED -j ACCEPT

> iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
> iptables -A FORWARD -j LOG
> iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 192.168.1.1
>
> Can anyone show me where the mistake lies ?
>

Is your routing set up correctly?

You should see something like
192.168.1.0 * 255.255.255.0 U 0 0 0 eth0
after executing /sbin/route

Do you have loaded the ip_conntrack module into the kernel (/sbin/lsmod
| grep conntrack)?

Eric

(E-Mail Removed) wrote:
> I am trying to do the following
>
> 192.168.1.1
> A --------------- B
> 192.168.1.2 | 10.1.1.127
> |
> C (10.1.1.1)
>
> UDP packets from 10.1.1.1 need to be forwarded to 192.168.1.2. The
> destination address on the UDP packets is 192.168.1.2. I can see that
> packets are being received succesffuly on eth1 of Device B. However,
> it is not forwarded to Device A.
>
> My iptables rules are as follows :
>
> echo "1" > /proc/sys/net/ipv4/ip_forward
> iptables -P INPUT ACCEPT
> iptables -F INPUT
> iptables -P OUTPUT ACCEPT
> iptables -F OUTPUT
> iptables -P FORWARD DROP
> iptables -F FORWARD
> iptables -t nat -F
>
> iptables -A FORWARD -i eth0 -o eth1 -m state -j ACCEPT

this rule seems to be wrong, should be like
iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED -j ACCEPT

> iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
> iptables -A FORWARD -j LOG
> iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 192.168.1.1
>
> Can anyone show me where the mistake lies ?
>

Is your routing set up correctly?

You should see something like
192.168.1.0 * 255.255.255.0 U 0 0 0 eth0
after executing /sbin/route

Do you have loaded the ip_conntrack module into the kernel (/sbin/lsmod
| grep conntrack)?

Eric