I have a linux "firewall" with two ip addresses (the actual addresses not shown):
eth0 133.20.12.67
eth0:0 133.20.12.68
A host on the inside, 192.168.71.33, is NAT'ed to the outside:
[root@fd_router /]# ip rule
0: from all lookup local
32020: from 192.168.71.33 lookup 3
32025: from 192.168.71.33 lookup main map-to 133.20.12.68
32766: from all lookup main
32767: from all lookup 253
[root@fd_router /]# ipchains -L
<snip>
Chain forward (policy DENY):
target prot opt source destination ports
ACCEPT all ------ anywhere 192.168.71.33 n/a
ACCEPT all ------ 133.20.12.68 anywhere n/a
MASQ all ------ 192.168.71.0/24 anywhere n/a
<snip>
Now, how are arp requests handled? A tcpdump of a request to a DNS server, .85, and the following
arp requests for the target host, .20:
0:60:97:15:41:48 0:50:4:31:cd:87 0800 79: 133.20.12.68.2605 > 133.20.12.85.53: 1+ (37)
0:50:4:31:cd:87 0:60:97:15:41:48 0800 182: 133.20.12.85.53 > 133.20.12.68.2605: 1 1/2/2 (140)
0:60:97:15:41:48 ff:ff:ff:ff:ff:ff 0806 60: arp who-has 133.20.12.20 tell 133.20.12.67
^^
0:8:c7:33:ae:43 0:60:97:15:41:48 0806 60: arp reply 133.20.12.20 is-at 0:8:c7:33:ae:43
It seems that the arp "source address" isn't NAT'ed. Is it supposed to be, or aren't things
designed that way?
TIA,
Peter
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
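The observation in the post (IP packets leave with the mapped source 133.20.12.68, while the ARP request for the next hop says "tell 133.20.12.67") can be checked mechanically over a capture. The script below is an added example, not code from the poster or from the kernel; it assumes `tcpdump -e` style lines in the same shape as the post (source MAC, destination MAC, ethertype, length, decoded packet) and uses the four lines from the post as constructed sample input. For every MAC that sends IP traffic it collects the IP source addresses used, then flags ARP requests from that MAC whose sender protocol address is not among them. This is the practical signature of address translation that acts on the IP header only: neighbour resolution is done by the interface with its own (primary) address, not with the translated one, which is worth knowing when auditing what a NAT box announces on the wire.

```python
"""Cross-check ARP sender addresses against the IP source addresses used by the
same MAC in a tcpdump -e capture.  Added example, not part of the original post."""
import re
from collections import defaultdict

# Constructed sample input: the four capture lines quoted in the post
# (tcpdump -e format: src MAC, dst MAC, ethertype, length, decoded packet).
SAMPLE_CAPTURE = """\
0:60:97:15:41:48 0:50:4:31:cd:87 0800 79: 133.20.12.68.2605 > 133.20.12.85.53: 1+ (37)
0:50:4:31:cd:87 0:60:97:15:41:48 0800 182: 133.20.12.85.53 > 133.20.12.68.2605: 1 1/2/2 (140)
0:60:97:15:41:48 ff:ff:ff:ff:ff:ff 0806 60: arp who-has 133.20.12.20 tell 133.20.12.67
0:8:c7:33:ae:43 0:60:97:15:41:48 0806 60: arp reply 133.20.12.20 is-at 0:8:c7:33:ae:43
"""

IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"
# Ethertype 0800 lines: "<ip>.<port> > <ip>.<port>:"
IP_LINE = re.compile(rf"^(\S+) (\S+) 0800 \d+: {IPV4}\.\d+ > {IPV4}\.\d+:")
# Ethertype 0806 request lines: "arp who-has <target> tell <sender>"
ARP_REQUEST = re.compile(rf"^(\S+) (\S+) 0806 \d+: arp who-has {IPV4} tell {IPV4}")


def parse_capture(text):
    """Return (ip_packets, arp_requests); other lines (e.g. ARP replies) are ignored."""
    ip_packets = []    # (src_mac, src_ip, dst_ip)
    arp_requests = []  # (src_mac, target_ip, sender_ip)
    for line in text.splitlines():
        m = IP_LINE.match(line)
        if m:
            src_mac, _dst_mac, src_ip, dst_ip = m.groups()
            ip_packets.append((src_mac, src_ip, dst_ip))
            continue
        m = ARP_REQUEST.match(line)
        if m:
            src_mac, _dst_mac, target_ip, sender_ip = m.groups()
            arp_requests.append((src_mac, target_ip, sender_ip))
    return ip_packets, arp_requests


def find_arp_ip_mismatches(text):
    """For each MAC that sends IP traffic, list ARP requests it issued whose
    sender protocol address is not one of the IP source addresses it used.
    Returns a list of (src_mac, arp_sender_ip, sorted_ip_sources_used)."""
    ip_packets, arp_requests = parse_capture(text)
    ip_sources = defaultdict(set)
    for src_mac, src_ip, _dst_ip in ip_packets:
        ip_sources[src_mac].add(src_ip)
    mismatches = []
    for src_mac, _target_ip, sender_ip in arp_requests:
        used = ip_sources.get(src_mac, set())
        if used and sender_ip not in used:
            mismatches.append((src_mac, sender_ip, sorted(used)))
    return mismatches


if __name__ == "__main__":
    for mac, arp_ip, ip_srcs in find_arp_ip_mismatches(SAMPLE_CAPTURE):
        print(f"{mac}: IP traffic sent from {', '.join(ip_srcs)} "
              f"but ARP requests announce {arp_ip}")
```

On the sample the report names MAC 0:60:97:15:41:48, which sends IP packets from 133.20.12.68 yet issues its ARP request with the interface's primary address 133.20.12.67. Feed it a real `tcpdump -e` capture (one line per packet) to confirm the same thing for other mapped hosts.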