Hi, I have problems getting POSTROUTING to work on a Debian 10 box.

Setup:

INTERNET ... Broadband modem 192.168.108.1

Network internal to the Debian box for virtual machines 10.239.239.0/24

Debian has address 192.168.108.2 (interface enp3s0) and 10.239.239.254 (interface br0)

Processes on Debian 10 can talk to the Internet

Processes on virtual machines (eg 10.239.239.23) can talk to the Debian machine
(ie 192.168.108.2) on which they are hosted.

If on 10.239.239.23 I ping the BBC (212.58.249.145) and look with a packet sniffer
on the BB modem I see outgoing addresses 10.239.239.23

This should not happen. I am running an iptables firewall that should fix this
with the rule below:

    iptables -t nat -A POSTROUTING -s 10.239.239.0/24 -j SNAT --to-source 192.168.108.2

I have tried variations like:

    iptables -t nat -A POSTROUTING -o enp3s0 -j SNAT --to-source 192.168.108.2

It is as if the POSTROUTING rule is being ignored. This seems to be confirmed by
the output below which shows that 0 packets have been through POSTROUTING.

Can anyone shed any light on this?

Thanks in advance

    # iptables -L -n -t nat -v
    Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination

    Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination

    Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination
        0     0 SNAT       all  --  *      *       10.239.239.0/24      0.0.0.0/0            to:192.168.108.2

    Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT Lecturer.
+44 (0) 787 668 0256 https://www.phcomp.co.uk/
Parliament Hill Computers Ltd. Registration Information: https://www.phcomp.co.uk/Contact.html
#include <std_disclaimer.h>
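
The counter check described in the post, as an added example that is not part of the original message: a shell function that reads `iptables -L -n -t nat -v` output and lists the SNAT/MASQUERADE rules whose packet counter is still 0. The function names and the output format are assumptions made here; the sample listing is the one quoted in the post, and the script only reports the counters, it does not diagnose why they are zero.

```shell
#!/bin/sh
# Added example: list source-NAT rules that no packet has matched yet.
# Input:  the text printed by `iptables -L -n -t nat -v` (on stdin).
# Output: one line per SNAT/MASQUERADE rule whose pkts counter is 0:
#         <chain> <target> src=<source> out=<out-interface> [<to:address>]

unmatched_nat_rules() {
    awk '
        # "Chain POSTROUTING (policy ACCEPT ...)" starts a new chain.
        $1 == "Chain" { chain = $2; next }
        # Skip the column header line and blank separator lines.
        $1 == "pkts" || NF == 0 { next }
        # Rule columns: pkts bytes target prot opt in out source destination [extra]
        ($3 == "SNAT" || $3 == "MASQUERADE") && $1 == "0" {
            extra = (NF >= 10) ? " " $10 : ""
            printf "%s %s src=%s out=%s%s\n", chain, $3, $8, $7, extra
        }
    '
}

# The nat table listing quoted in the post, embedded so the check runs offline.
sample_listing() {
    cat <<'EOF'
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 SNAT       all  --  *      *       10.239.239.0/24      0.0.0.0/0            to:192.168.108.2

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
EOF
}

# Offline run against the listing from the post.
sample_listing | unmatched_nat_rules

# Live use on the firewall host (as root), e.g. after pinging from a VM:
#   iptables -L -n -t nat -v | unmatched_nat_rules
```
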