Mailing List Archive

SNAT w/ uid-owner issue
I have a pretty simple NAT rule going on here:

iptables -t nat -A POSTROUTING -d ! -s -p !
esp -m owner --uid-owner dante -j SNAT --to

Not rocket science - danted is running on , and I'm connecting from over IPSec - hence why I 1) tell it to ignore ESP (which says
it comes from 219.93, plus it's still using 'dante' as the uid) and 2) tell
it to ignore everything going to

With this rule in place, I see this in my conntrack table:

tcp 6 267 ESTABLISHED src= dst= sport=1080
dport=2097 [UNREPLIED] src= dst= sport=2097
dport=1080 mark=0 use=1

Clearly wrong - there are no other rules related to my 150 address in my
tables. Indeed, if I take out the SNAT rule, it works fine. Now, if
I change the SNAT to a 'LOG' entry, it only logs the rule hits that are
correct, and not these ones that are wrong. I'm running a
kernel, which I realize is older than the hills, but other than this it
has been working happily.

Any ideas? I may try upgrading to shortly, but I don't even
know if that will fix it.