I'm using iptables on an Ubuntu server to route a public IP to a private IP. I want to NAT all traffic, including 80, 443 and ICMP.

However, it appears that ICMP isn't routing. I have a steady ping going to the public IP and it never stops, even with NAT pointing to a bogus IP.

Here are the rules that I'm using:

iptables -t nat -I PREROUTING -d 206.72.119.76 -j DNAT --to-destination 10.240.5.5
iptables -t nat -I POSTROUTING -s 10.240.5.5 -j SNAT --to-source 206.72.119.76

I tried with rules for ICMP specifically, but no such luck:

iptables -t nat -I PREROUTING -d 206.72.119.76 -p icmp --icmp-type echo-request -j DNAT --to-destination 10.240.5.5

Any ideas?

squillman
Scott Forsyth
  • I should mention that port 80 and 3389 routing does work perfectly so I know that everything else is set up correctly. It's just ICMP that doesn't appear to work. – Scott Forsyth Jan 26 '10 at 04:39

1 Answer

Have you done any pcapping to see if the ICMP packets are getting NAT'd and sent out again? Maybe they're just being accepted by the box you're running iptables on.

jdizzle
  • I believe that is what is happening, that the box running iptables is responding, rather than passing the requests on. I want to ensure that the requests are passed along so that a failure on the end machine causes the pings to start failing. – Scott Forsyth Mar 09 '10 at 14:43
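
The capture check suggested in this answer can be run over tcpdump output. The following is an added example, not part of the original thread: it reports, for each echo request sent to the public IP, whether a DNAT'd copy addressed to the private IP was seen or whether the iptables box replied itself. The capture lines and the client address 198.51.100.7 are constructed, and the script assumes the ICMP id and sequence number are unchanged by NAT.

```python
import re

PUBLIC, PRIVATE = "206.72.119.76", "10.240.5.5"  # addresses from the question

# Constructed sample in the style of `tcpdump -n icmp` output, merged from the
# outside and inside interfaces; 198.51.100.7 is a made-up client address.
CAPTURE = """\
12:00:01.000100 IP 198.51.100.7 > 206.72.119.76: ICMP echo request, id 4242, seq 1, length 64
12:00:01.000150 IP 206.72.119.76 > 198.51.100.7: ICMP echo reply, id 4242, seq 1, length 64
12:00:02.000100 IP 198.51.100.7 > 206.72.119.76: ICMP echo request, id 4243, seq 1, length 64
12:00:02.000180 IP 198.51.100.7 > 10.240.5.5: ICMP echo request, id 4243, seq 1, length 64
12:00:02.000900 IP 10.240.5.5 > 198.51.100.7: ICMP echo reply, id 4243, seq 1, length 64
12:00:02.000950 IP 206.72.119.76 > 198.51.100.7: ICMP echo reply, id 4243, seq 1, length 64
12:00:03.000100 IP 198.51.100.7 > 206.72.119.76: ICMP echo request, id 4244, seq 1, length 64
"""

LINE = re.compile(r"IP ([\d.]+) > ([\d.]+): ICMP echo (request|reply), id (\d+), seq (\d+)")

def classify(capture, public=PUBLIC, private=PRIVATE):
    """Return {(icmp_id, seq): fate} for every echo request sent to `public`."""
    seen = {}  # (icmp_id, seq) -> set of (kind, src, dst) observed for that ping
    for line in capture.splitlines():
        m = LINE.search(line)
        if m:
            src, dst, kind, icmp_id, seq = m.groups()
            seen.setdefault((int(icmp_id), int(seq)), set()).add((kind, src, dst))
    fates = {}
    for key, pkts in seen.items():
        if not any(k == "request" and d == public for k, _, d in pkts):
            continue  # not a ping aimed at the NATed address
        if any(k == "request" and d == private for k, _, d in pkts):
            fates[key] = "forwarded"          # DNAT rewrote the destination
        elif any(k == "reply" and s == public for k, s, _ in pkts):
            fates[key] = "answered locally"   # the iptables box itself replied
        else:
            fates[key] = "no reply"
    return fates

if __name__ == "__main__":
    for (icmp_id, seq), fate in sorted(classify(CAPTURE).items()):
        print(f"id={icmp_id} seq={seq}: {fate}")
```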