Writing a netfilter module..

Writing a netfilter module..

[Kyoungyong Lee]

[-- Attachment #1: Type: text/plain, Size: 523 bytes --]

hello, folks.

I'm writing a netfilter module program.

the purpose of this program is forwarding a packet according to the ip address or port # of incoming packet.

for example, if the port # of incoming packet is 9999, i want to forward this packet to 210.107.xxx.yyy.

Anyway, I hooked incoming packet 

but after checking the port/ip addr I cannot forwarding it directly to specifiedl ip address.

is there anyone who know the way how to forward packet directly??

Thanks very much in advance..

-leeky-

[-- Attachment #2: Type: text/html, Size: 1408 bytes --]

Re: Writing a netfilter module..

[Jim Carter]

On Sun, 17 Aug 2003, Kyoungyong Lee wrote:

> the purpose of this program is forwarding a packet according to the ip
> address or port # of incoming packet. for example, if the port # of
> incoming packet is 9999, i want to forward this packet to
> 210.107.xxx.yyy.

I would use a rule something like this:

    iptables -t nat -A PREROUTING -p tcp --dport 9999 \
	-j DNAT --to-destination 210.107.xxx.yyy

My understanding of the purpose of DNAT is, you have a web server farm
on machines www1.example.com (9.8.7.1), www2.example.com (9.8.7.2), etc.
and a leader machine www.example.com (9.8.7.254).  The customer opens
a connection on the latter machine, and it hands off the connection to
a farm member by saying:

    iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT \
	--to-destination 9.8.7.1-9.8.7.251

The man page says that a simple round robin is done among the destinations,
although I'm sure that you could influence the choice by some fancy dynamic
rules or a special module.

Hope this helps!

James F. Carter          Voice 310 825 2897    FAX 310 206 6673
UCLA-Mathnet;  6115 MSA; 405 Hilgard Ave.; Los Angeles, CA, USA 90095-1555
Email: jimc@math.ucla.edu  http://www.math.ucla.edu/~jimc (q.v. for PGP key)