I am using iptableslinux for NAT SNMP traffic. Some of the SNMP packets have VARBINDs that contain the (real) IP addresses of the devices that generated them. This confuses the standard management tools that NAT addresses must see in VARBIND. Therefore, I need to translate the addresses in the payload in addition to those in the headers.
The kernel module is the standard tool nf_nat_snmp_basic.ko, but the original version only translates the first octet of the address, and the latest version will simply damage the packages altogether. This is apparently “general knowledge” on the Internet (www.netfilter.org), and I tested it on my own equipment.
Before diving into the kernel, did anyone else work on this problem and come up with a suitable solution? For now, it’s enough to translate only those VARBINDs whose OIDs indicate their type as an IP address. In other words, I don’t need to translate the addresses embedded in the string data, which would be much more complicated.
Thanks for your suggestions!
source
share