From: Zoilo <zoilo@xs4all.nl>
To: Jim Carter <jimc@math.ucla.edu>, Philip Craig <philipc@snapgear.com>
Cc: netfilter@lists.netfilter.org
Subject: Re: NAT PREROUTING chain ignored on returning traffic ??
Date: Mon, 01 Sep 2003 15:58:47 +0200
Message-ID: <3F535097.6090400@xs4all.nl>
In-Reply-To: <Pine.LNX.4.53.0308302220210.5528@xena.cft.ca.us>
Thank you for this refresh cycle on my memory!
Z.
Jim Carter wrote:
>On Fri, 29 Aug 2003, Zoilo wrote:
>
>
>>I have 2 machines connected via a LAN: 192.168.192.254 and
>>192.168.192.123. I will call them '254' and '123' from now on.
>>
>>
>--- snip ---
>
>
>>Then I did a single 'ping' from one to the other, and vice versa, while
>>logging at 123.
>>
>>
>--- snip ---
>
>
>>To my astonishment, in II) the returning ICMP packets do *not* travel
>>through the NAT PREROUTING chain! In I) however, the incoming packets
>>*do* travel through the NAT PREROUTING chain, as expected.
>>
>>
>
>The NAT PREROUTING chain is for packets from outside the machine that
>initiate a connection (whether thru traffic, or destined for the machine
>itself). ICMP echo exchanges are tracked by conntrack and count as a
>connection. So when on 254 you do "ping 123", 123 will log the packet in
>the NAT table, whereas on 123 you do "ping 254", but the answer is part of
>the established connection. The only NATting that will happen, happens on
>254 when it gets the echo query packet.
>
>Hope this helps!
>
>James F. Carter Voice 310 825 2897 FAX 310 206 6673
>UCLA-Mathnet; 6115 MSA; 405 Hilgard Ave.; Los Angeles, CA, USA 90095-1555
>Email: jimc@math.ucla.edu http://www.math.ucla.edu/~jimc (q.v. for PGP key)
>
>
>
>
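
The behaviour discussed in this thread, as an added example that is not part of the original messages: a toy Python model of how conntrack decides whether a nat chain is consulted for an ICMP echo packet. `Host`, `see`, `ping` and `trace_on_123` are hypothetical names, the ICMP id is constructed, and only the nat chain at the hook where a packet enters is recorded.

```python
ECHO_REPLY, ECHO_REQUEST = 0, 8          # ICMP type numbers

class Host:
    """Toy conntrack for ICMP echo on one machine (constructed model, not kernel code)."""
    def __init__(self, addr):
        self.addr = addr
        self.tracked = set()             # tuples of known flows, both directions
        self.trace = []                  # (direction, conntrack state, nat chain consulted)

    def see(self, pkt, direction):
        src, dst, icmp_type, icmp_id = pkt
        if pkt in self.tracked:
            # Belongs to a flow conntrack already knows: the NAT decision made for
            # the first packet is reused and the nat table is not consulted again.
            state, chain = "ESTABLISHED", None
        elif icmp_type == ECHO_REQUEST:
            # First packet of a flow: remember it and the reply tuple it expects,
            # then consult the nat chain at the hook where the packet entered.
            self.tracked |= {pkt, (dst, src, ECHO_REPLY, icmp_id)}
            state = "NEW"
            chain = "PREROUTING" if direction == "in" else "OUTPUT"
        else:
            # Echo reply matching no tracked request: never reaches the nat table.
            state, chain = "INVALID", None
        self.trace.append((direction, state, chain))
        return state

def ping(pinger, target, icmp_id):
    """One echo exchange; each host records what its own netfilter sees."""
    request = (pinger.addr, target.addr, ECHO_REQUEST, icmp_id)
    pinger.see(request, "out")
    target.see(request, "in")
    reply = (target.addr, pinger.addr, ECHO_REPLY, icmp_id)
    target.see(reply, "out")
    pinger.see(reply, "in")

def trace_on_123(pinger_addr):
    """Run one ping between the thread's two hosts and return host 123's trace."""
    h254, h123 = Host("192.168.192.254"), Host("192.168.192.123")
    a, b = (h254, h123) if pinger_addr == h254.addr else (h123, h254)
    ping(a, b, icmp_id=0x1234)           # constructed ICMP id
    return h123.trace

if __name__ == "__main__":
    print("I)  254 pings 123:", trace_on_123("192.168.192.254"))
    print("II) 123 pings 254:", trace_on_123("192.168.192.123"))
```

In case II) the only nat chain host 123 consults is OUTPUT, for its own outgoing request; the returning reply is ESTABLISHED and bypasses nat PREROUTING, which matches the logging result reported in the thread.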