I'm having this issue with iptables snat and isc dhcp. This is the case:
I have configured 2 IPs in my network card. Primary and secondary
OS: Ubuntu 16.04
2: ens32: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:40:7a:08 brd ff:ff:ff:ff:ff:ff
inet **10.232.208.228**/29 brd 10.232.208.231 scope global ens32
valid_lft forever preferred_lft forever
inet **10.232.208.229**/29 brd 10.232.208.231 scope global secondary ens32
When a DHCP request comes to secondary IP(10.232.208.229), ISC DHCP create a DHCP Offer with the primary IP(10.232.208.228) as source. I used the following iptable snat rule to solve the issue:
iptables -t nat -A POSTROUTING -p udp -o ens32 -s 10.232.208.228 --sport 67:68 -j SNAT --to-source 10.232.208.229:67
The problem is that when i translate to 10.232.208.229:67, the DHCPOffer packet is not sent. If i change the port for any other than 67, it works.
Here is the log on syslog telling that Operation not permitted:
Jul 28 11:46:31 dhcp777rsv2 dhcpd[32364]: DHCPDISCOVER from d0:67:e5:30:18:90 (MXXXX) via 172.16.199.1
Jul 28 11:46:32 dhcp777rsv2 dhcpd[32364]: DHCPOFFER on 172.16.199.4 to d0:67:e5:30:18:90 (MXXXX) via 172.16.199.1
Jul 28 11:46:32 dhcp777rsv2 dhcpd[32364]: **send_packet: Operation not permitted**
Jul 28 11:46:32 dhcp777rsv2 dhcpd[32364]: dhcp.c:3693: **Failed to send 301 byte long packet over fallback interface.**
my iptable table do not have other rules, and by default it permits everthing.
I have tried running dhcpd with root user without luck.
I would like to understand what is happening and could solve this issue.
