I'm using iptables under Linux to NAT SNMP traffic. Some of the SNMP packets have VARBINDs that contain the (real) IP addresses of the devices that generated them. This confuses standard management tools, which need to see the NATted addresses in the VARBINDs. So I need to translate the addresses in the payload in addition to those in the headers.

The standard tool is the nf_nat_snmp_basic.ko kernel module, but the original version translates only the first octet of the address and the latest version simply corrupts the packets altogether. This is apparently "common knowledge" on the web (www.netfilter.org) and I've verified it on my own equipment.

Before I dive into the kernel, has anyone else worked on this problem and come up with a suitable solution? For now, it's sufficient to translate only those VARBINDs whose OIDs specify their type as an IP address. In other words, I don't need to translate addresses that are embedded in string data, which would be far more difficult.

Thanks for your suggestions!
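As an added example (not from the question or the answer, and not the kernel module's code), here is a user-space illustration of the narrower translation the question settles for: walk the BER structure of an SNMP message and rewrite only values tagged as IpAddress (APPLICATION 0, tag 0x40), leaving OCTET STRING bytes alone even when they spell the same address. The sample GetResponse, the device address and the NAT mapping are constructed.

```python
import ipaddress

IPADDRESS_TAG = 0x40  # SNMP IpAddress: APPLICATION 0, primitive, always 4 octets


def _tlv(tag: int, body: bytes) -> bytes:
    """Encode one BER TLV with a definite length (short or long form)."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body


def _read_len(buf, pos):
    """Return (length, offset of the value) for the length field at pos."""
    first = buf[pos]
    if first < 0x80:
        return first, pos + 1
    nbytes = first & 0x7F
    if nbytes == 0 or pos + 1 + nbytes > len(buf):
        raise ValueError("indefinite or truncated BER length")
    return int.from_bytes(buf[pos + 1:pos + 1 + nbytes], "big"), pos + 1 + nbytes


def translate_ipaddress_values(pdu: bytes, mapping: dict) -> bytes:
    """Rewrite IpAddress values listed in `mapping` (real -> NATted).
    Only elements tagged APPLICATION 0 are touched; an OCTET STRING holding the
    same four bytes is ignored. Lengths never change, since one IPv4 address is
    swapped for another 4-octet address, so the rewrite is done in place."""
    out = bytearray(pdu)
    stack = [(0, len(pdu))]  # (start, end) of containers still to walk
    while stack:
        pos, end = stack.pop()
        while pos < end:
            tag = out[pos]
            length, vpos = _read_len(out, pos + 1)
            vend = vpos + length
            if vend > end:
                raise ValueError("BER element runs past its container")
            if tag & 0x20:  # constructed: message SEQUENCE, PDU, varbind list, varbind
                stack.append((vpos, vend))
            elif tag == IPADDRESS_TAG and length == 4:
                real = str(ipaddress.IPv4Address(bytes(out[vpos:vend])))
                if real in mapping:
                    out[vpos:vend] = ipaddress.IPv4Address(mapping[real]).packed
            pos = vend
    return bytes(out)


def build_sample_response() -> bytes:
    """Constructed SNMPv2c GetResponse: one IpAddress varbind (ipAdEntAddr) and
    one OCTET STRING varbind (sysName.0) whose bytes equal the same address."""
    real = ipaddress.IPv4Address("10.0.0.5").packed  # constructed device address
    vb_ip = _tlv(0x30, _tlv(0x06, bytes([0x2B, 6, 1, 2, 1, 4, 20, 1, 1])) + _tlv(IPADDRESS_TAG, real))
    vb_str = _tlv(0x30, _tlv(0x06, bytes([0x2B, 6, 1, 2, 1, 1, 5, 0])) + _tlv(0x04, real))
    pdu = _tlv(0xA2, _tlv(0x02, b"\x01") + _tlv(0x02, b"\x00") + _tlv(0x02, b"\x00")
               + _tlv(0x30, vb_ip + vb_str))
    return _tlv(0x30, _tlv(0x02, b"\x01") + _tlv(0x04, b"public") + pdu)
```

Addresses embedded in string data, as the question notes, are out of scope for this walk; only the typed IpAddress elements are rewritten.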

+1  A: 

Possible DIY solution from Robert Gamble here: http://stackoverflow.com/questions/260757/packet-mangling-utilities-besides-iptables

Updates and more praise to come after a bit of unit testing -- thanks, Robert!

Adam Liss