* Modifying Source Ip on input/prerouting
@ 2002-12-11 13:58 Stephane Jourdois
2002-12-11 15:02 ` Andrea Rossato
0 siblings, 1 reply; 4+ messages in thread
From: Stephane Jourdois @ 2002-12-11 13:58 UTC (permalink / raw)
To: netfilter
Hello all,
I would need to be able to modify the source ip on input GRE paquets.
This is because I'm trying to setup a pptp tunnel, via a router that
doesn't NAT correctly the GRE.
The client receives GRE, but replies with it's own local ip, then my
server cannot receive the answers... If I could just change the source
ip on those paquets, that would be perfect...
Thanks for your help,
--
/// Stephane Jourdois /"\ ASCII RIBBON CAMPAIGN \\\
((( Ingénieur développement \ / AGAINST HTML MAIL )))
\\\ 6, av. George V X ///
\\\ 75008 Paris / \ +33 6 8643 3085 ///
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Modifying Source Ip on input/prerouting
2002-12-11 13:58 Modifying Source Ip on input/prerouting Stephane Jourdois
@ 2002-12-11 15:02 ` Andrea Rossato
2002-12-11 15:38 ` Stephane Jourdois
0 siblings, 1 reply; 4+ messages in thread
From: Andrea Rossato @ 2002-12-11 15:02 UTC (permalink / raw)
To: netfilter
Stephane Jourdois wrote:
> I would need to be able to modify the source ip on input GRE paquets.
> This is because I'm trying to setup a pptp tunnel, via a router that
> doesn't NAT correctly the GRE.
> The client receives GRE, but replies with it's own local ip, then my
> server cannot receive the answers... If I could just change the source
> ip on those paquets, that would be perfect...
i don't know if I've got your problem correctly, also because I don't
know pptp too much (so, shut up, you'll say...;)
if you want to match gre packets and change their source address (not
the source addr. of encapsulated packets) you should be able with
iptables -A POSTROUTING -t nat -p gre -j SNAT --to-source
new-grepacket-source-addr
this will match all outgoing (from the client) traffic using gre protocol.
but is this what you need?
where are the tunnel end points? the router has two tunnels connecting
the server and the client? the tunnel is between the router and the server?
Instead, if you want to change source address of encasplulated packets,
that would be interesting...
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Modifying Source Ip on input/prerouting
2002-12-11 15:02 ` Andrea Rossato
@ 2002-12-11 15:38 ` Stephane Jourdois
2002-12-11 16:34 ` Andrea Rossato
0 siblings, 1 reply; 4+ messages in thread
From: Stephane Jourdois @ 2002-12-11 15:38 UTC (permalink / raw)
To: Andrea Rossato; +Cc: netfilter
On Wed, Dec 11, 2002 at 04:02:07PM +0100, Andrea Rossato wrote:
> Stephane Jourdois wrote:
> >I would need to be able to modify the source ip on input GRE paquets.
> >This is because I'm trying to setup a pptp tunnel, via a router that
> >doesn't NAT correctly the GRE.
> >The client receives GRE, but replies with it's own local ip, then my
> >server cannot receive the answers... If I could just change the source
> >ip on those paquets, that would be perfect...
>
> i don't know if I've got your problem correctly, also because I don't
> know pptp too much (so, shut up, you'll say...;)
no, no, I won't ;-)
> if you want to match gre packets and change their source address (not
> the source addr. of encapsulated packets) you should be able with
> iptables -A POSTROUTING -t nat -p gre -j SNAT --to-source
> new-grepacket-source-addr
> this will match all outgoing (from the client) traffic using gre protocol.
The problem is that I wan't to change the incoming traffic...
What I would need is something similar to :
-A PREROUTING -j SNAT --from-source xxx
> but is this what you need?
> where are the tunnel end points? the router has two tunnels connecting
> the server and the client? the tunnel is between the router and the server?
The server is My linux machine, on which I wan't to modify the GRE
traffic, because I don't have access to the gateway of the client (a
windows 2k, but that doesn't matter).
> Instead, if you want to change source address of encasplulated packets,
> that would be interesting...
mmm No, they are not. Well, they are over IP ;-)
Thanks for your help, anyway.
--
/// Stephane Jourdois /"\ ASCII RIBBON CAMPAIGN \\\
((( Ingénieur développement \ / AGAINST HTML MAIL )))
\\\ 6, av. George V X ///
\\\ 75008 Paris / \ +33 6 8643 3085 ///
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Modifying Source Ip on input/prerouting
2002-12-11 15:38 ` Stephane Jourdois
@ 2002-12-11 16:34 ` Andrea Rossato
0 siblings, 0 replies; 4+ messages in thread
From: Andrea Rossato @ 2002-12-11 16:34 UTC (permalink / raw)
To: netfilter
Stephane Jourdois wrote:
> The problem is that I wan't to change the incoming traffic...
> What I would need is something similar to :
> -A PREROUTING -j SNAT --from-source xxx
what you need is probably
iptables -A OUTPUT -t nat -j DNAT --to 1.2.3.4
iptables tutorial says that output chain in nat table is broken. but i
don't know if it still is.
andrea
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2002-12-11 16:34 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2002-12-11 13:58 Modifying Source Ip on input/prerouting Stephane Jourdois
2002-12-11 15:02 ` Andrea Rossato
2002-12-11 15:38 ` Stephane Jourdois
2002-12-11 16:34 ` Andrea Rossato
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.