使用iptables做地址伪装出现异常!!!!

zmhzcy

使用iptables做地址伪装，大部分数据包能正常伪装源IP，但也一些数据包无法伪装

iptables命令为
iptables -t nat -A POSTROUTING -s 10.103.0.0/16 -j SNAT --to-source 118.144.78.157

echo "1" > /proc/sys/net/ipv4/ip_forward

但是通过抓包可以看到
15:13:34.642145 IP 10.103.0.13.55027 > 123.126.104.103.80: Flags [F.], seq 0, ack 1, win 1415, length 0
15:13:34.889378 IP 10.103.0.13.55027 > 123.126.104.103.80: Flags [F.], seq 0, ack 1, win 1415, length 0
15:13:35.705236 IP 10.103.0.13.1452 > 42.156.166.36.80: Flags [FP.], seq 1269288121:1269289078, ack 1270442436, win 15544, length 957
15:13:36.553620 IP 10.103.0.13.55027 > 123.126.104.103.80: Flags [F.], seq 0, ack 1, win 1415, length 0
15:13:39.935391 IP 10.103.0.13.55027 > 123.126.104.103.80: Flags [F.], seq 0, ack 1, win 1415, length 0
15:13:44.194912 IP 10.103.0.13.41424 > 123.151.153.103.80: Flags [F.], seq 0, ack 1, win 4202, options [nop,nop,TS val 104925984 ecr 3969108009], length 0
15:13:46.758047 IP 10.103.0.13.55027 > 123.126.104.103.80: Flags [F.], seq 0, ack 1, win 1415, length 0
15:13:57.398939 IP 10.103.0.13.57811 > 111.30.131.145.80: Flags [F.], seq 0, ack 1, win 15544, length 0
15:14:00.221104 IP 10.103.0.13.55027 > 123.126.104.103.80: Flags [F.], seq 0, ack 1, win 1415, length 0
15:14:01.812248 IP 10.103.0.13.36516 > 211.151.12.194.80: Flags [R], seq 4138819012, win 0, length 0
15:14:02.148288 IP 10.103.0.13.36516 > 211.151.12.194.80: Flags [R], seq 4138819012, win 0, length 0
15:14:04.689262 IP 10.103.0.13.49566 > 42.62.94.2.5222: Flags [FP.], seq 2474684826:2474684842, ack 565692991, win 7300, length 16

有些数据包未能正常伪装，iptables命令和配置都是正确的。

瀚海书香

回复 1# zmhzcy

抓到这个应该是正常的。

sip-->dip
vip-->dip
dip-->vip

   

hankzheng888

你这是在哪里抓的？