SNAT not working for locally generated packets

Why does SNAT not work for locally generated packets?

# show nat source 
 rule 50 {
     outbound-interface eth2.1574
     protocol icmp
     source {
     translation {

show interfaces ethernet eth2.1574
eth2.1574@eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 9c:69:b4:60:07:f6 brd ff:ff:ff:ff:ff:ff
    inet brd scope global eth2.1574

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 3397  322K VYATTA_PRE_SNAT_HOOK  all  --  *      *             
    0     0 SNAT       icmp --  *      eth2.1574            /* SRC-NAT-50 */ to:

The translation address must be present on the outbound interface, otherwise ARP for it won’t work and the remote router won’t know where to send the packets destined to the IP.
You can just add the IP on the interface with add interface eth2.1574 address
Unless you have that address or subnet already present on a different interface, then you can’t do SNAT to it.

Address is assigned on the dummy interface, and the remote host has a route to it.

The rule works for forwarded packets. The rule does not work for locally generated packets (the rule counter does not increment).

Hello, @Harunaga!
Please also provide the interface configuration and routing table. The NAT rule should work if nothing else modifies the packets before it.

AFAIK, this should work.
Try flushing the conntrack table, and use tcpdump to see if packets leave on eth2.1574 un-masqueraded.

It’s my fault.
The system has a rule:
iptables -I OUTPUT -t raw -j NOTRACK

I deleted the rule. Problem solved.
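
Added example, not part of the original thread: netfilter NAT relies on connection tracking, so packets marked untracked in the raw table never reach the nat table's SNAT rules. The function below scans `iptables-save` output for such rules in either the legacy `-j NOTRACK` or the `-j CT --notrack` form. The function names and the sample ruleset (including the 192.0.2.10 translation address) are constructed for illustration.

```shell
#!/bin/sh
# Added example: list raw-table rules that exempt packets from conntrack.
# Input: `iptables-save` output on stdin. Output: "<chain>: <rule>" per hit.
find_notrack_rules() {
    awk '
        /^\*/     { table = substr($0, 2); next }   # table header: *raw, *nat, ...
        /^COMMIT/ { table = ""; next }
        table == "raw" && $1 == "-A" {
            untracked = 0
            for (i = 3; i <= NF; i++) {
                # Legacy target: -j NOTRACK
                if ($i == "-j" && $(i + 1) == "NOTRACK") untracked = 1
                # Current form: -j CT --notrack
                if ($i == "--notrack") untracked = 1
            }
            if (untracked) print $2 ": " $0
        }
    '
}

# Constructed sample ruleset mirroring the situation in this thread:
# an SNAT rule in nat/POSTROUTING plus a blanket NOTRACK in raw/OUTPUT.
sample_ruleset() {
    cat <<'EOF'
*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A OUTPUT -j NOTRACK
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth2.1574 -p icmp -m comment --comment SRC-NAT-50 -j SNAT --to-source 192.0.2.10
COMMIT
EOF
}

# A hit in OUTPUT affects locally generated packets; PREROUTING affects
# received (including forwarded) packets.
sample_ruleset | find_notrack_rules
```

On a live system, run it as root with `iptables-save -t raw | find_notrack_rules`; any line it prints names a chain whose matching traffic will skip SNAT and leave the rule counter at zero.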
