 |
 |
On 2 Jul 2010, at 14:57, Rob Fay wrote: > On 02/07/2010 10:11, Stuart Purdie wrote: >> >> that's missing in the SNAT code (SNAT is actually in a file called ipt_NETMAP.c in 2.6.18). > > That's not the code you're looking for. > ... > SNAT is in ip_nat_rule.c, and does include the above test in the ipt_snat_target function. Ah, right. So much for a consistent file naming scheme then! Yeup, that's the theory busted. >> I guess that at Liverpool, you're using SNAT, Rob? >> > Yes, but in the interests of not spending any more time than necessary in the netfilter source, I've just been checking that MASQUERADE makes no difference. Definitively busted. Which brings me back to my earlier request for people to send me the /etc/sysconfig/iptables-config from their nat boxes? It might be fruitless, but it's an obvious thing to check.