SNAT not working for locally generated packets

Why does SNAT not work for locally generated packets?

# show nat source 
 rule 50 {
     outbound-interface eth2.1574
     protocol icmp
     source {
         address 192.168.16.234
     }
     translation {
         address 192.168.208.52
     }
 }



show interfaces ethernet eth2.1574
eth2.1574@eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 9c:69:b4:60:07:f6 brd ff:ff:ff:ff:ff:ff
    inet 192.168.16.234/30 brd 192.168.16.235 scope global eth2.1574

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 3397  322K VYATTA_PRE_SNAT_HOOK  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 SNAT       icmp --  *      eth2.1574  192.168.16.234         0.0.0.0/0            /* SRC-NAT-50 */ to:192.168.208.52

The translation address must be present on the outbound interface, otherwise ARP for it won’t work and the remote router won’t know where to send the packets destined to the IP.
You can just add the IP on the interface with add interface eth2.1574 address 192.168.208.52.
Unless you have that 192.168.208.52 address or subnet already present on a different interface, then you can’t do SNAT to it.

Address 192.168.208.52 is assigned on the dummy interface, and the remote host has a route to it.

The rule works for forwarded packets. The rule does not work for locally generated packets (the rule counter does not increment).

Hello, @Harunaga!
Please also provide the interface configuration and routing table. The NAT rule should work if nothing else modifies packets before it.

AFAIK, this should work.
Try flushing the conntrack table, and use tcpdump to see if packets leave on eth2.1574 un-masqueraded.

It’s my fault.
The system has a rule:
iptables -I OUTPUT -t raw -j NOTRACK

I deleted the rule. Problem solved.
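A check for the cause found in this thread, as an added example that is not part of the original posts: NAT rules are only evaluated for connection-tracked packets, and the raw OUTPUT chain is traversed only by locally generated traffic, so a NOTRACK rule there disables SNAT for local packets while forwarded packets are still translated. The function name `find_untracked` and the sample dump are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag raw-table rules that exempt packets from conntrack
# (and therefore from every rule in the nat table).
# Input : text in iptables-save format on stdin.
# Output: one line per finding, "<scope><TAB><rule>".
find_untracked() {
    awk '
        /^\*/ { table = substr($0, 2); next }   # table header: "*raw", "*nat", ...
        table == "raw" && /^-A / {
            # NOTRACK target, or the newer CT target used with --notrack
            hit = ($0 ~ /-j NOTRACK$/ || $0 ~ /-j NOTRACK / || $0 ~ /-j CT .*--notrack/)
            if (!hit) next
            chain = $2
            if (chain == "OUTPUT")          scope = "local"              # locally generated packets
            else if (chain == "PREROUTING") scope = "forwarded/inbound"  # packets arriving on an interface
            else                            scope = "chain:" chain       # user-defined chain
            printf "%s\t%s\n", scope, $0
        }
    '
}

# Constructed sample dump modelled on the rules quoted in the thread.
SAMPLE='*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A OUTPUT -j NOTRACK
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.16.234/32 -o eth2.1574 -p icmp -m comment --comment SRC-NAT-50 -j SNAT --to-source 192.168.208.52
COMMIT'

# On a live system: iptables-save | find_untracked
printf '%s\n' "$SAMPLE" | find_untracked
```

A finding with scope `local` matches the symptom described above: the SNAT rule counter stays at zero for traffic originated by the router itself.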
