proxy with DNAT

I try to use the proxy listening on 127.0.0.1 with DNAT configured with iptables, but connexion from client failed.
I build the network with 3 VMs in the same private network 192.168.179.0/24 : client (.133)---proxy (.128) ----server (.134)

server command : sudo ncat --sctp -l 192.168.179.134 38412

proxy command : proxy -4 -i 2048 -o 1024 -L 192.168.179.128:38412 -X 192.168.179.128 -S 192.168.179.134:38412
proxy iptables conf : sudo iptables -t nat -I PREROUTING -p sctp -d 192.168.179.128 -j DNAT --to-destination 127.0.0.1:38412
sudo iptables -t nat -I POSTROUTING -p sctp -s 127.0.0.1 -j SNAT --to-source 192.168.179.128

client command : sudo ncat --sctp 192.168.179.128 38412 --> Ncat: Connection refused.

Here is the pcap on proxy :

Any idea about this issue for checksum unverified ?

[stewrtrs]

One suggestion.. Make sure you do *not* have the kernel SCTP from linux in place. Often times if you do the linux OS version will respond with a ABORT since it knows nothing about the user space implementation R

…

On Nov 8, 2022, at 5:04 AM, greenlora ***@***.***> wrote: I try to use the proxy listening on 127.0.0.1 with DNAT configured with iptables, but connexion from client failed. I build the network with 3 VMs in the same private network 192.168.179.0/24 : client (.133)---proxy (.128) ----server (.134) server command : sudo ncat --sctp -l 192.168.179.134 38412 proxy command : proxy -4 -i 2048 -o 1024 -L 192.168.179.128:38412 -X 192.168.179.128 -S 192.168.179.134:38412 proxy iptables conf : sudo iptables -t nat -I PREROUTING -p sctp -d 192.168.179.128 -j DNAT --to-destination 127.0.0.1:38412 sudo iptables -t nat -I POSTROUTING -p sctp -s 127.0.0.1 -j SNAT --to-source 192.168.179.128 client command : sudo ncat --sctp 192.168.179.128 38412 --> Ncat: Connection refused. Here is the pcap on proxy : <https://www.google.com/url?q=https://user-images.githubusercontent.com/32301610/200534712-8252aa8e-aa14-48c8-a187-d7782d335187.jpg&source=gmail-imap&ust=1668506669000000&usg=AOvVaw0Ax1GqUm4dofpAa_-xaQUP> Any idea about this issue for checksum unverified ? — Reply to this email directly, view it on GitHub <https://www.google.com/url?q=https://github.com/sctplab/sctp_proxy/issues/2&source=gmail-imap&ust=1668506669000000&usg=AOvVaw3BnT8q9xBnPcFlYCk2AH6E>, or unsubscribe <https://www.google.com/url?q=https://github.com/notifications/unsubscribe-auth/AAQZ4GS3UOKLPRAKSSPLDP3WHIQSXANCNFSM6AAAAAAR2EC3AU&source=gmail-imap&ust=1668506669000000&usg=AOvVaw1ccUI-AdjePcy_Qe7T5J-8>. You are receiving this because you are subscribed to this thread.

------ Randall Stewart ***@***.***