From: Daniel <damage@rooties.de>
To: Netfilter List <netfilter@lists.netfilter.org>
Subject: iptables - losing packets between mangle and nat
Date: Sun, 8 Jan 2006 01:51:02 +0100
Message-ID: <200601080151.02899.damage@rooties.de>
Hi,
I'm trying to create a net-to-net VPN.
{192.168.0.0/24}--[192.168.0.1]-VPN/INET-[192.168.1.1]--{192.168.1.0/24}
       LAN           GATEWAY                GATEWAY            LAN
Everything seems to be fine:
1. I'm able to ping 192.168.1.1 from 192.168.0.1 (so, racoon already
established the tunnel)
2. I'm able to ping 192.168.0.1 from 192.168.1.1 (so, both ways are ok)
3. if I try to ping 192.168.1.1 from 192.168.0.0/24 then racoon is
establishing the tunnel
4. if I try to ping 192.168.0.1 from 192.168.1.0/24 then racoon is
establishing the tunnel
But in cases 3 and 4 the client from the LAN does not get a reply to his
request. As I noticed, the problem is the gateway of the LAN which the
client is in (so in case 3 the problem is 192.168.0.1). Also (in case 3) I
noticed that the reply has been sent from 192.168.1.1 but it gets "lost" on
192.168.0.1.
So I added some rules to iptables on 192.168.0.1 and I noticed that the packet
accesses the PREROUTING chain in the table mangle but never accesses the
PREROUTING chain in the table nat. I think it should because of the packet
flow (http://www.siliconvalleyccie.com/images/iptables.gif) ?!?!?!
Why does this packet never access the PREROUTING chain in "nat" (and all other
following chains)? Any suggestions?
Daniel
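
Per-chain logging of the kind the message describes, as an added example that is not part of the original post: it emits one LOG rule per table/chain a forwarded packet can traverse, matching the case 3 echo reply from 192.168.1.1 to 192.168.0.0/24 on gateway 192.168.0.1. The function name, the log prefix format and the "apply" argument are assumptions.

```shell
#!/bin/sh
# Added example: emit (or apply) one LOG rule per table/chain a forwarded
# packet can traverse, so the kernel log shows the last hook it reached.
# Addresses are taken from the post (case 3, seen on gateway 192.168.0.1).
SRC="192.168.1.1"
DST="192.168.0.0/24"

# table:chain pairs in traversal order for a forwarded packet.
# Note: the nat table is only consulted for the first packet of a
# conntrack entry; packets of an already tracked flow skip it by design,
# so a missing nat log line alone does not prove a drop.
HOOKS="mangle:PREROUTING nat:PREROUTING mangle:FORWARD filter:FORWARD mangle:POSTROUTING nat:POSTROUTING"

# Print the iptables commands; "-I" inserts the rules, "-D" removes them.
trace_rules() {
    action="$1"
    for hook in $HOOKS; do
        table="${hook%%:*}"
        chain="${hook##*:}"
        # Insert at position 1 so the LOG rule runs before any other rule.
        if [ "$action" = "-I" ]; then pos=" 1"; else pos=""; fi
        echo "iptables -t $table $action $chain$pos -s $SRC -d $DST -p icmp --icmp-type echo-reply -j LOG --log-prefix \"trace-$table-$chain: \""
    done
}

# Dry run by default; pass "apply" as root to install the rules.
if [ "${1:-}" = "apply" ]; then
    trace_rules -I | sh
else
    trace_rules -I
fi
```

The last prefix that shows up in the kernel log marks the last hook the reply reached; `trace_rules -D | sh` removes the rules again.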