mangle table

mangle table

[Jee J.Z.]

Hi all,

Could anybody tell me or point me to some tutorials on what exactly the
mangle table of iptables can do and how to use the mangle table?

Thank you in advanced!

Regards,
Jee

Re: mangle table

[Patrick Turley]

Have a look at the KPTD on http://www.docum.org

Jee J.Z. wrote:
> Hi all,
> 
> Could anybody tell me or point me to some tutorials on what exactly the
> mangle table of iptables can do and how to use the mangle table?
> 
> Thank you in advanced!
> 
> Regards,
> Jee
> 
> 
> 

iptables issue (udp -> esp)??

[Devaraj Das]

Hi,
I am trying to set up a NAT for VPN access. The clients are in a private
network. To start with, I added just one (and only one) iptables rule in the
gateway (for one particular client-ip-addr):
iptables -t nat -I POSTROUTING 1 -o eth0 -s 10.0.1.2  -j SNAT --to
15.76.97.136

10.0.1.2 can talk (telnet, ping) to any host in 15.76.* network. However, the
communication is problematic when the key-exchange negotiation (using racoon,
version ipsec-tools-0.3) happens. I doubt that the issue has anything to do
with racoon. What happens is that the VPN server 15.76.98.218 receives the
ISAKMP packet in perfect condition and responds back with another. However,
what reaches the client is an ESP packet!!
All port information seems to be lost!

In the tcpdump output below, read ebnt136 as the gateway, lx98218 as the VPN
server.

Here is the tcpdump output on the vpn server machine (when the client starts
the isakmp exchange):
ebnt136.india.hp.com.4500 > lx98218.india.hp.com.isakmp: isakmp: phase 1
I ident: [|sa] (DF)
lx98218.india.hp.com.isakmp > ebnt136.india.hp.com.4500: isakmp: phase 1
R ident: [|sa] (DF)

Here is the output on the client (10.0.1.2):
10.0.1.2:4500 > lx98218.india.hp.com.isakmp: isakmp: phase 1 I ident:
[|sa] (DF)
10.0.1.2:4500 > lx98218.india.hp.com.isakmp: isakmp: phase 1 I ident:
[|sa] (DF)
lx98218.india.hp.com > 10.0.1.2: ESP(spi=0x..., seq=0x...)
lx98218.india.hp.com > 10.0.1.2: ESP(spi=0x..., seq=0x...)

The response packets never reaches racoon on the client.

I am using Linux Kernel 2.6.0 on the client and the server and Linux Kernel
2.4.6 on the gateway. The version of iptables on the gateway is 1.2.2.

Is this an iptables/kernel (on the gateway) issue? Would really appreciate
any help in this regard.

Thanks,
Devaraj.

Re: mangle table

[Frank Gruellich]

* Jee J.Z. <jz105@york.ac.uk> 19. Apr 04:
> Hi all,

Hello,

> Could anybody tell me or point me to some tutorials on what exactly the
> mangle table of iptables can do

<URL:http://iptables-tutorial.frozentux.net/chunkyhtml/mangletable.html>

> and how to use the mangle table?

<URL:http://iptables-tutorial.frozentux.net/chunkyhtml/targets.html#MARKTARGET>
<URL:http://iptables-tutorial.frozentux.net/chunkyhtml/targets.html#TOSTARGET>
<URL:http://iptables-tutorial.frozentux.net/chunkyhtml/targets.html#TTLTARGET>

> Thank you in advanced!

HTH,
 regards, Frank.
-- 
Sigmentation fault