I've been trying to set up a NAT server and have been running into a big problem: packets seem to drop in between IP NAT and ipchains, i.e. with all packets being logged at all points possible, I get the 2 NAT messages, then nothing, when you should get the input firewall rule.
My setup is as follows:
net A:---------:A nat B:-----------:routerB:---:compB
220.127.116.11/24 18.104.22.168/32 22.214.171.124/32 126.96.36.199/32 188.8.131.52/32
Net A wants to communicate with compB using address natA as destination. NetB doesn't like packets that have addresses of A but perfectly likes that of netC (184.108.40.206/24), so here's where NAT comes in.
RouterB knows that packets of dest netC have a gateway of natB.
So everything goes to compB fine, just while coming back, at nat B, packets enter nat B, get changed to a source of nat A and are dropped before or by the firewalling code.
In the routing code (route.c) it is said that all packets having a local source address should be dropped and I think that's where the problem is coming from.
I have little knowledge of C so I don't know what to change.
The -b flag doesn't seem to work (only the direction indicated gets translated), neither does using -O for some reason (it seems to only get hooked for packets that originate from the computer, i.e. not the forwarded ones). I've tried using autofw but it doesn't seem to recognize its own packets.
Note: all IPs are fictitious.
My commands are:
ipnatadm -I -i -S 220.127.116.11/32 -D 18.104.22.168/24 -N 22.214.171.124/24 -M 126.96.36.199/32 -v -P tcp
ipnatadm -I -i -S 188.8.131.52/24 -D 184.108.40.206/32 -M 220.127.116.11/24 -N 18.104.22.168/32 -v -P tcp