* iptables - losing packets between mangle and nat
@ 2006-01-08  0:51 Daniel
  2006-01-08 15:30 ` Daniel
  0 siblings, 1 reply; 2+ messages in thread
From: Daniel @ 2006-01-08  0:51 UTC (permalink / raw)
  To: Netfilter List

Hi,
I'm trying to create a net-to-net VPN.

{192.168.0.0/24}--[192.168.0.1]-VPN/INET-[192.168.1.1]--{192.168.1.0/24}
       LAN           GATEWAY                GATEWAY           LAN

Everything seems to be fine:
1. I'm able to ping 192.168.1.1 from 192.168.0.1 (so, racoon already
established the tunnel)
2. I'm able to ping 192.168.0.1 from 192.168.1.1 (so, both ways are ok)
3. if I try to ping 192.168.1.1 from 192.168.0.0/24 then racoon is
establishing the tunnel
4. if I try to ping 192.168.0.1 from 192.168.1.0/24 then racoon is
establishing the tunnel

But in cases 3 and 4 the client in the LAN does not get a reply to its
request. As I noticed, the problem is the gateway of the LAN the
client is in (so in case 3 the problem is 192.168.0.1). Also (in case 3) I
noticed that the reply has been sent from 192.168.1.1 but it gets "lost" on
192.168.0.1.

So I added some rules to iptables on 192.168.0.1 and I noticed that the packet
accesses the PREROUTING chain in the mangle table but never accesses the
PREROUTING chain in the nat table. I think it should, because of the packet
flow (http://www.siliconvalleyccie.com/images/iptables.gif) ?!?!?!

Why does this packet never access the PREROUTING chain in "nat" (and all other
following chains)? Any suggestions?

Daniel



* Re: iptables - losing packets between mangle and nat
  2006-01-08  0:51 iptables - losing packets between mangle and nat Daniel
@ 2006-01-08 15:30 ` Daniel
  0 siblings, 0 replies; 2+ messages in thread
From: Daniel @ 2006-01-08 15:30 UTC (permalink / raw)
  To: netfilter

Hi,
I marked the packets from 192.168.1.0/24 in the PREROUTING chain of the
mangle table. After that I created an ACCEPT rule for the marked packets in
every chain of the nat/mangle/filter tables. But I did not see them any more... Now
I'm really confused... What is going on there? Where are the packets going?
Did I forget to set a sysctl flag in /proc/sys/net/* ???
Please help me! Any suggestion is helpful.

Daniel

On Sunday, 8 January 2006 01:51, Daniel wrote:
> Hi,
> I'm trying to create a net-to-net VPN.
>
> {192.168.0.0/24}--[192.168.0.1]-VPN/INET-[192.168.1.1]--{192.168.1.0/24}
>        LAN           GATEWAY                GATEWAY           LAN
>
> Everything seems to be fine:
> 1. I'm able to ping 192.168.1.1 from 192.168.0.1 (so, racoon already
> established the tunnel)
> 2. I'm able to ping 192.168.0.1 from 192.168.1.1 (so, both ways are ok)
> 3. if I try to ping 192.168.1.1 from 192.168.0.0/24 then racoon is
> establishing the tunnel
> 4. if I try to ping 192.168.0.1 from 192.168.1.0/24 then racoon is
> establishing the tunnel
>
> But in cases 3 and 4 the client in the LAN does not get a reply to its
> request. As I noticed, the problem is the gateway of the LAN the
> client is in (so in case 3 the problem is 192.168.0.1). Also (in case 3) I
> noticed that the reply has been sent from 192.168.1.1 but it gets "lost" on
> 192.168.0.1.
>
> So I added some rules to iptables on 192.168.0.1 and I noticed that the
> packet accesses the PREROUTING chain in the mangle table but never accesses the
> PREROUTING chain in the nat table. I think it should, because of the packet
> flow (http://www.siliconvalleyccie.com/images/iptables.gif) ?!?!?!
>
> Why does this packet never access the PREROUTING chain in "nat" (and all
> other following chains)? Any suggestions?
>
> Daniel


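Both messages in this thread turn on the same property of the iptables packet flow: the nat table is consulted only by the packet that creates a connection-tracking entry (state NEW), and every later packet of that connection, including an ICMP echo reply to a request the gateway has already seen, skips the nat chains entirely while still passing mangle and filter. The model below is an added example written for this thread, not code from the original posts or from the netfilter project. It implements a minimal connection tracker with ICMP echo and TCP/UDP tuple reversal and replays the traversal order for a forwarded packet, so that the echo reply is seen in mangle/PREROUTING but not in nat/PREROUTING, exactly as observed on 192.168.0.1; a MARK set in mangle/PREROUTING and matched by ACCEPT rules in the nat chains would therefore never fire for that reply, whereas the same match in filter/FORWARD would. The gateway and LAN addresses are taken from the thread; the LAN hosts .5 and .7 and the ICMP id are constructed. The model covers table traversal only and says nothing about the routing decision between PREROUTING and FORWARD, which is a separate place a decrypted reply can be discarded.

```python
"""Traversal model for a forwarded packet under iptables with conntrack.

Added example for this thread, not code from the original posts. It models
one rule from iptables(8): the nat table is traversed only by the packet that
creates a new connection; later packets of the same connection skip it but
still pass the mangle and filter chains.
"""
from dataclasses import dataclass

# Stages a forwarded packet meets, in order. The third field marks the nat
# table, which is consulted only for the packet that creates the conntrack entry.
FORWARD_PATH = (
    ("raw", "PREROUTING", False),
    ("mangle", "PREROUTING", False),
    ("nat", "PREROUTING", True),
    ("mangle", "FORWARD", False),
    ("filter", "FORWARD", False),
    ("mangle", "POSTROUTING", False),
    ("nat", "POSTROUTING", True),
)


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str   # "icmp", "tcp" or "udp"
    l4: tuple    # icmp: (type, id); tcp/udp: (sport, dport)


def flow_key(pkt):
    """Direction-specific conntrack tuple for a packet."""
    if pkt.proto == "icmp":
        icmp_type, icmp_id = pkt.l4
        return ("icmp", pkt.src, pkt.dst, icmp_id, icmp_type)
    sport, dport = pkt.l4
    return (pkt.proto, pkt.src, pkt.dst, sport, dport)


def reply_key(key):
    """Tuple of the packets flowing back on the same connection."""
    proto, src, dst, a, b = key
    if proto == "icmp":
        # An echo request (type 8) is answered by an echo reply (type 0) with the same id.
        return (proto, dst, src, a, 0 if b == 8 else 8)
    return (proto, dst, src, b, a)  # ports swap with direction


class Conntrack:
    """Minimal connection tracker: one entry reachable from both tuples."""

    def __init__(self):
        self.table = {}

    def lookup(self, pkt):
        """Return (state, entry), creating the entry on the first packet.
        Simplification: anything matching an existing entry is ESTABLISHED."""
        key = flow_key(pkt)
        entry = self.table.get(key)
        if entry is not None:
            return "ESTABLISHED", entry
        entry = {"orig": key, "reply": reply_key(key), "packets": 0}
        self.table[key] = entry
        self.table[entry["reply"]] = entry
        return "NEW", entry


def traverse(ct, pkt):
    """Return the 'table/chain' stages the packet actually visits."""
    state, entry = ct.lookup(pkt)
    entry["packets"] += 1
    visited = []
    for table, chain, is_nat in FORWARD_PATH:
        if is_nat and state != "NEW":
            continue  # nat decision was taken on the first packet; conntrack replays it
        visited.append(f"{table}/{chain}")
    return visited


def ping_exchange():
    """Echo request from LAN A to LAN B through 192.168.0.1, then its reply.
    Hosts .5 and .7 and the ICMP id are constructed values."""
    ct = Conntrack()
    request = Packet("192.168.0.5", "192.168.1.7", "icmp", (8, 0x1234))
    reply = Packet("192.168.1.7", "192.168.0.5", "icmp", (0, 0x1234))
    return {
        "request": traverse(ct, request),
        "reply": traverse(ct, reply),
        "entries": len({id(e) for e in ct.table.values()}),
    }


if __name__ == "__main__":
    for name, value in ping_exchange().items():
        print(name, value)
```

Running the block prints the request path with both nat chains present and the reply path without them; a LOG or counter rule placed in mangle/PREROUTING or filter/FORWARD on the gateway would count the reply, while the same rule in nat/PREROUTING would not, which is the expected behaviour rather than a lost packet.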
