* Is it possible to forward broadcasting with IPtables? @ 2004-04-07 6:38 Younger Wang 2004-04-07 9:40 ` Antony Stone 0 siblings, 1 reply; 6+ messages in thread From: Younger Wang @ 2004-04-07 6:38 UTC (permalink / raw) To: netfilter Hi All, I am seeking a way to forward WINs broadcast. Is it possible to be done with iptables? If not, is there a standard way to do broadcast forwarding? Thank you! BR Younger Wang ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: Is it possible to forward broadcasting with IPtables? 2004-04-07 6:38 Is it possible to forward broadcasting with IPtables? Younger Wang @ 2004-04-07 9:40 ` Antony Stone 2004-04-07 11:07 ` Younger Wang 0 siblings, 1 reply; 6+ messages in thread From: Antony Stone @ 2004-04-07 9:40 UTC (permalink / raw) To: netfilter On Wednesday 07 April 2004 7:38 am, Younger Wang wrote: > Hi All, > > I am seeking a way to forward WINs broadcast. Use a WINS server. That will forward peer discovery requests to other subnets. Samba will do the job nicely. > Is it possible to be done with iptables? If not, is there a standard way > to do broadcast forwarding? There is no way to generically forward network broadcasts, otherwise the entire Internet would get flooded with them. Broadcasts are designed to reach every machine on a local subnet, and no others. Regards, Antony. -- This email is intended for the use of the individual addressee(s) named above and may contain information that is confidential, privileged or unsuitable for overly sensitive persons with low self-esteem, no sense of humour, or irrational religious beliefs. If you have received this email in error, you are required to shred it immediately, add some nutmeg, three egg whites and a dessertspoonful of caster sugar. Whisk until soft peaks form, then place in a warm oven for 40 minutes. Remove promptly and let stand for 2 hours before adding some decorative kiwi fruit and cream. Then notify me immediately by return email and eat the original message. Please reply to the list; please don't CC me. ^ permalink raw reply [flat|nested] 6+ messages in thread
* RE: Is it possible to forward broadcasting with IPtables? 2004-04-07 9:40 ` Antony Stone @ 2004-04-07 11:07 ` Younger Wang 2004-04-07 11:14 ` Antony Stone 0 siblings, 1 reply; 6+ messages in thread From: Younger Wang @ 2004-04-07 11:07 UTC (permalink / raw) To: netfilter If the broadcast packets traverse the chains, they should be put to INPUT chain. Is there a way to transfer a packet from INPUT chain to FORWARD chain? Even though broadcast is not expected to go beyond router, forwarding certain broadcast packets can be very useful in many scenarios. BR Younger Wang -----Original Message----- From: netfilter-admin@lists.netfilter.org [mailto:netfilter-admin@lists.netfilter.org] On Behalf Of Antony Stone Sent: Wednesday, April 07, 2004 5:41 PM To: netfilter@lists.netfilter.org Subject: Re: Is it possible to forward broadcasting with IPtables? On Wednesday 07 April 2004 7:38 am, Younger Wang wrote: > Hi All, > > I am seeking a way to forward WINs broadcast. Use a WINS server. That will forward peer discovery requests to other subnets. Samba will do the job nicely. > Is it possible to be done with iptables? If not, is there a standard way > to do broadcast forwarding? There is no way to generically forward network broadcasts, otherwise the entire Internet would get flooded with them. Broadcasts are designed to reach every machine on a local subnet, and no others. Regards, Antony. -- This email is intended for the use of the individual addressee(s) named above and may contain information that is confidential, privileged or unsuitable for overly sensitive persons with low self-esteem, no sense of humour, or irrational religious beliefs. If you have received this email in error, you are required to shred it immediately, add some nutmeg, three egg whites and a dessertspoonful of caster sugar. Whisk until soft peaks form, then place in a warm oven for 40 minutes. Remove promptly and let stand for 2 hours before adding some decorative kiwi fruit and cream. Then notify me immediately by return email and eat the original message. Please reply to the list; please don't CC me. ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: Is it possible to forward broadcasting with IPtables? 2004-04-07 11:07 ` Younger Wang @ 2004-04-07 11:14 ` Antony Stone 2004-04-07 15:19 ` Younger Wang 0 siblings, 1 reply; 6+ messages in thread From: Antony Stone @ 2004-04-07 11:14 UTC (permalink / raw) To: netfilter On Wednesday 07 April 2004 12:07 pm, Younger Wang wrote: > If the broadcast packets traverse the chains, they should be put to > INPUT chain. Is there a way to transfer a packet from INPUT chain to > FORWARD chain? DNAT in PREROUTING? In theory this would do what you want, however I'm sure it won't work. Regards, Antony. -- The idea that Bill Gates appeared like a knight in shining armour to lead all customers out of a mire of technological chaos neatly ignores the fact that it was he who, by peddling second-rate technology, led them into it in the first place. - Douglas Adams in The Guardian, 25th August 1995 Please reply to the list; please don't CC me. ^ permalink raw reply [flat|nested] 6+ messages in thread
* RE: Is it possible to forward broadcasting with IPtables? 2004-04-07 11:14 ` Antony Stone @ 2004-04-07 15:19 ` Younger Wang 2004-04-07 16:08 ` John A. Sullivan III 0 siblings, 1 reply; 6+ messages in thread From: Younger Wang @ 2004-04-07 15:19 UTC (permalink / raw) To: netfilter I tried DNAT in PREROUTING. Take an example: The broadcasting is send from 10.0.0.22/24 to 10.0.0.255/24. I want the router( 10.0.0.1, 192.168.0.1 ) to forward it as from 10.0.0.22/24 to 192.168.0.255/24. I added: Iptables -t nat -A PREROUTING -p udp -d 10.0.0.255 --dport 137 -j DNAT --to-destination 192.168.0.255 The result is: 10.0.0.22-->10.0.0.255 was changed to 10.0.0.22-->192.168.0.255 in PREROUTING. Later on, in routing decision, it's still put to the INPUT chain because the router also listens to 192.168.0.255. That's the reason why DNAT in PREROUTING does not work and why I want to transfer the packet from INPUT chain to forward chain. BR Younger Wang -----Original Message----- From: netfilter-admin@lists.netfilter.org [mailto:netfilter-admin@lists.netfilter.org] On Behalf Of Antony Stone Sent: Wednesday, April 07, 2004 7:15 PM To: netfilter@lists.netfilter.org Subject: Re: Is it possible to forward broadcasting with IPtables? On Wednesday 07 April 2004 12:07 pm, Younger Wang wrote: > If the broadcast packets traverse the chains, they should be put to > INPUT chain. Is there a way to transfer a packet from INPUT chain to > FORWARD chain? DNAT in PREROUTING? In theory this would do what you want, however I'm sure it won't work. Regards, Antony. -- The idea that Bill Gates appeared like a knight in shining armour to lead all customers out of a mire of technological chaos neatly ignores the fact that it was he who, by peddling second-rate technology, led them into it in the first place. - Douglas Adams in The Guardian, 25th August 1995 Please reply to the list; please don't CC me. ^ permalink raw reply [flat|nested] 6+ messages in thread
* RE: Is it possible to forward broadcasting with IPtables? 2004-04-07 15:19 ` Younger Wang @ 2004-04-07 16:08 ` John A. Sullivan III 0 siblings, 0 replies; 6+ messages in thread From: John A. Sullivan III @ 2004-04-07 16:08 UTC (permalink / raw) To: Younger Wang; +Cc: netfilter I've neither tried it nor thought it through but would the NAT capabilities of iproute2 help here? Will iproute2 change the address before Netfilter makes a decision of which filter table chain to use? - John On Wed, 2004-04-07 at 11:19, Younger Wang wrote: > I tried DNAT in PREROUTING. > > Take an example: > The broadcasting is send from 10.0.0.22/24 to 10.0.0.255/24. I want the > router( 10.0.0.1, 192.168.0.1 ) to forward it as from 10.0.0.22/24 to > 192.168.0.255/24. > > I added: > Iptables -t nat -A PREROUTING -p udp -d 10.0.0.255 --dport 137 -j DNAT > --to-destination 192.168.0.255 > > The result is: 10.0.0.22-->10.0.0.255 was changed to > 10.0.0.22-->192.168.0.255 in PREROUTING. Later on, in routing decision, > it's still put to the INPUT chain because the router also listens to > 192.168.0.255. That's the reason why DNAT in PREROUTING does not work > and why I want to transfer the packet from INPUT chain to forward chain. > > > BR > Younger Wang > > -----Original Message----- > From: netfilter-admin@lists.netfilter.org > [mailto:netfilter-admin@lists.netfilter.org] On Behalf Of Antony Stone > Sent: Wednesday, April 07, 2004 7:15 PM > To: netfilter@lists.netfilter.org > Subject: Re: Is it possible to forward broadcasting with IPtables? > > On Wednesday 07 April 2004 12:07 pm, Younger Wang wrote: > > > If the broadcast packets traverse the chains, they should be put to > > INPUT chain. Is there a way to transfer a packet from INPUT chain to > > FORWARD chain? > > DNAT in PREROUTING? > > In theory this would do what you want, however I'm sure it won't work. > > Regards, > > Antony. -- John A. Sullivan III Chief Technology Officer Nexus Management +1 207-985-7880 john.sullivan@nexusmgmt.com ^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2004-04-07 16:08 UTC | newest] Thread overview: 6+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2004-04-07 6:38 Is it possible to forward broadcasting with IPtables? Younger Wang 2004-04-07 9:40 ` Antony Stone 2004-04-07 11:07 ` Younger Wang 2004-04-07 11:14 ` Antony Stone 2004-04-07 15:19 ` Younger Wang 2004-04-07 16:08 ` John A. Sullivan III
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.