From mboxrd@z Thu Jan 1 00:00:00 1970
From: FB
Date: Sat, 22 Jan 2005 20:58:52 +0000
Subject: [LARTC] Layer 7 packet classifier doesn't recognize packets sent by the router
Message-Id: <41F2BE8C.9050101@flintz.de>
List-Id:
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

Hi there,

I have a little problem. I had this some months ago but didn't solve it
back then.

I have patched my kernel with Layer 7 support and patched my iptables to
support it, too. Now I inserted this line in my firewall script on my
router for testing purposes:

    $IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -p tcp -m layer7 --l7proto http -j DROP

It works, BUT only if the connection is established by a PC BEHIND the
router (the connection is blocked). If I try to establish an HTTP
connection from the router itself, it works completely (layer 7 is NOT
working, the connection is working, that's what I wanted to say *g*).

Now I changed the line above to this:

    $IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -p tcp --dport 80 -j DROP

and see, it works in BOTH cases. But that's no solution, as I need Layer 7
also for router connections. I also tried ftp as the layer7 protocol, same
thing.

Does anyone have an idea why this is happening?

Thanks in advance.

-FB