From: Michael Gundlach <gundlach@cs.uga.edu>
To: netfilter-devel@lists.netfilter.org
Subject: PREROUTING doesn't catch all packets?
Date: Wed, 19 Feb 2003 14:18:30 -0500
Message-ID: <20030219141830.A8641@cs.uga.edu>

Hi again everyone,

I have the following iptables rules on my bridging Linux box:

iptables -t nat -F
iptables -t nat -A PREROUTING -j QUEUE
iptables -t nat -A OUTPUT -j QUEUE

I then have a box connected to one NIC of the bridge telnet to a box
connected to the other NIC of the bridge.  I use libipq to catch all
packets, print them out, and reinject them.

If I understand things correctly, all packets coming in on either bridge
interface pass through the PREROUTING hook, so I should see every single
one.  However, all I see (aka, all that ipq_read catches) is the SYN packet
from the client to the server.

Worse yet, when I add
  iptables -A FORWARD -j QUEUE
to the list, I see every packet - and the SYN packet twice.  So all packets
hit the FORWARD chain, but only the SYN packet hits the PREROUTING chain!

Am I misusing the nat table or something?  Shouldn't I be able to see all
packets?  (I need to use PREROUTING for an application that is modifying
the destination IP of incoming packets, so "use the FORWARDING chain
instead" isn't a sufficient answer.)

Thanks for your help, everybody.

Michael
