The following problem:
Traffic comes in on port 30101 and should be forwarded to port 25, the source IP should be changed, and a mark should be set.
The following ruleset works, but only if there is no TIME_WAIT entry in nf_conntrack. Btw, SNAT is never hit.
<passthrough ipv="ipv4">-t nat -A PREROUTING -p tcp --dport 30101 -j DNAT --to-destination :25</passthrough>
<passthrough ipv="ipv4">-t mangle -A PREROUTING -p tcp --dport 30101 -j MARK --set-mark 2014</passthrough>
<passthrough ipv="ipv4">-A POSTROUTING -t nat -m mark --mark 2014 -p tcp -j SNAT --to xx.xx.xx.xx:25</passthrough>
I need to set the mark because the traffic is then routed over another gateway.
With this setup I can connect via:
telnet xx.xx 30101
and I get a connection to xx.xx:25, but only if
cat /proc/net/nf_conntrack | grep "30101"
is empty. If there is a TIME_WAIT entry, it does not work.
The SNAT rule is never hit.
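The grep above only tells you whether any entry for port 30101 exists. When debugging a DNAT/mark/SNAT chain like the one in the question, it helps to see per entry the TCP state, the seconds left before conntrack expires it, the mark conntrack stored, and whether the reply tuple shows the port rewrite (the reply source port is 25 rather than 30101 when the DNAT took effect). The following parser is an added example written for this page, not code from the question; the conntrack lines it reads are constructed samples in the /proc/net/nf_conntrack layout, with made-up addresses, ports and timeouts.

```python
"""Parse /proc/net/nf_conntrack lines and report entries for a given port.

Added example for the question above (not part of the original post).
SAMPLE_CONNTRACK is a constructed sample in the nf_conntrack line format.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: two entries for the DNAT'd port 30101 (one live, one
# lingering in TIME_WAIT), one unrelated SSH entry and one UDP entry.
SAMPLE_CONNTRACK = """\
ipv4     2 tcp      6 431999 ESTABLISHED src=192.0.2.10 dst=198.51.100.5 sport=50123 dport=30101 src=198.51.100.5 dst=192.0.2.10 sport=25 dport=50123 [ASSURED] mark=2014 zone=0 use=2
ipv4     2 tcp      6 117 TIME_WAIT src=192.0.2.10 dst=198.51.100.5 sport=50122 dport=30101 src=198.51.100.5 dst=192.0.2.10 sport=25 dport=50122 [ASSURED] mark=2014 zone=0 use=2
ipv4     2 tcp      6 300 ESTABLISHED src=192.0.2.77 dst=198.51.100.5 sport=40000 dport=22 src=198.51.100.5 dst=192.0.2.77 sport=22 dport=40000 [ASSURED] mark=0 zone=0 use=2
ipv4     2 udp      17 29 src=192.0.2.10 dst=198.51.100.5 sport=5353 dport=53 src=198.51.100.5 dst=192.0.2.10 sport=53 dport=5353 mark=0 zone=0 use=2
"""

TUPLE_RE = re.compile(r"src=(\S+) dst=(\S+) sport=(\d+) dport=(\d+)")
MARK_RE = re.compile(r"\bmark=(\d+)")
LINGERING_STATES = ("TIME_WAIT", "CLOSE", "CLOSE_WAIT", "LAST_ACK", "FIN_WAIT")


@dataclass
class ConntrackEntry:
    proto: str
    state: Optional[str]   # TCP state column; None for protocols without one
    timeout: int           # seconds until conntrack drops the entry
    orig_src: str
    orig_sport: int
    orig_dst: str
    orig_dport: int
    reply_src: str
    reply_sport: int
    reply_dst: str
    reply_dport: int
    mark: int

    @property
    def dnat_applied(self) -> bool:
        # The reply tuple is recorded after NAT, so a reply source port that
        # differs from the original destination port means a DNAT rewrote it.
        return self.reply_sport != self.orig_dport


def parse_line(line: str) -> Optional[ConntrackEntry]:
    """Parse one nf_conntrack line; returns None for entries without port tuples."""
    fields = line.split()
    if len(fields) < 5:
        return None
    proto = fields[2]
    timeout = int(fields[4])
    state = fields[5] if proto == "tcp" else None
    tuples = TUPLE_RE.findall(line)
    if len(tuples) != 2:
        return None  # e.g. ICMP entries carry no sport/dport pairs
    (osrc, odst, osport, odport), (rsrc, rdst, rsport, rdport) = tuples
    m = MARK_RE.search(line)
    mark = int(m.group(1)) if m else 0
    return ConntrackEntry(proto, state, timeout,
                          osrc, int(osport), odst, int(odport),
                          rsrc, int(rsport), rdst, int(rdport), mark)


def entries_for_port(text: str, port: int) -> List[ConntrackEntry]:
    """All entries whose original-direction destination port is `port`."""
    out = []
    for line in text.splitlines():
        e = parse_line(line)
        if e is not None and e.orig_dport == port:
            out.append(e)
    return out


def lingering_entries(text: str, port: int) -> List[ConntrackEntry]:
    """TCP entries for `port` that are winding down rather than carrying data."""
    return [e for e in entries_for_port(text, port) if e.state in LINGERING_STATES]


def summarize(text: str, port: int) -> List[str]:
    """Human-readable one-liners, one per entry for `port`."""
    lines = []
    for e in entries_for_port(text, port):
        lines.append(
            f"{e.orig_src}:{e.orig_sport} -> {e.orig_dst}:{e.orig_dport} "
            f"state={e.state} timeout={e.timeout}s mark={e.mark} "
            f"reply_sport={e.reply_sport} dnat={'yes' if e.dnat_applied else 'no'}"
        )
    return lines


if __name__ == "__main__":
    # On a real host (as root): text = open("/proc/net/nf_conntrack").read()
    for row in summarize(SAMPLE_CONNTRACK, 30101):
        print(row)
    print("lingering:", len(lingering_entries(SAMPLE_CONNTRACK, 30101)))
```

On a live box replace SAMPLE_CONNTRACK with the contents of /proc/net/nf_conntrack (readable as root; `conntrack -L` prints the same tuples if the conntrack tool is installed). The timeout column is the useful bit when an old entry is in the way: it tells you how long the stale TIME_WAIT entry will linger before conntrack forgets it, which is what the question's "only if the grep is empty" observation hinges on.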