* [LARTC] Losing Packets after a DNAT in prerouting
@ 2005-07-14 5:54 Jefferson Cowart
2005-07-15 3:42 ` pramod
` (4 more replies)
0 siblings, 5 replies; 6+ messages in thread
From: Jefferson Cowart @ 2005-07-14 5:54 UTC (permalink / raw)
To: lartc
I'm trying to set up some DNAT and the packets seem to be disappearing after
the PREROUTING step. The packets are coming in eth2 (both LOG targets in
iptables and tcpdump confirm this). They are then DNATed to an IP that
should cause them to go out eth3. However I never see them go out that
interface. I have tried putting LOG rules into the FORWARD chain with no
success. I'm pretty sure the packet isn't hitting a DROP rule as all my DROP
rules have a LOG rule directly in front of them. Any idea how to track down
the missing packets?
----------------
Thanks
Jefferson Cowart
Jeff@cowart.net
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
* Re: [LARTC] Losing Packets after a DNAT in prerouting
From: pramod @ 2005-07-15 3:42 UTC (permalink / raw)
To: lartc
Can you attach your rules file?
thanks
pramod
* Re: [LARTC] Losing Packets after a DNAT in prerouting
From: Jefferson Cowart @ 2005-07-16 7:32 UTC (permalink / raw)
To: lartc
Sorry this took so long. In any case I've included all the parts of my
rules file that I think are relevant below. Let me know if there is
anything else needed.
When I send packets to 134.173.95.144 I see them appear in the tcpdump
on the incoming interface (eth2). I also see them in my kernel log from
the log entry in the prerouting chain. I however do not see them in my
forward chain and they don't actually make it to 192.168.5.9. (I've
tried adding logging rules there, but the packets don't appear. All my
drop rules are preceded by a log step.)
Firewall Rules
===
Chain PREROUTING (policy ACCEPT 13M packets, 2207M bytes)
 pkts bytes target prot opt in   out  source           destination
    3   144 LOG    tcp  --  eth2 *    134.173.64.0/19  134.173.95.144  tcp dpt:3389 LOG flags 0 level 4
    3   144 DNAT   tcp  --  eth2 *    134.173.64.0/19  134.173.95.144  tcp dpt:3389 to:192.168.5.9:3389

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target prot opt in   out  source           destination
    0     0 ACCEPT tcp  --  eth2 eth3 134.173.64.0/19  192.168.5.9     tcp dpt:3389

Routing Rules
===
# ip rule
0:      from all lookup local
200:    from 134.173.69.154/31 lookup 200
201:    from 134.173.91.144/30 lookup 201
202:    from 134.173.95.144/30 lookup 202
203:    from 192.168.5.128/25 lookup 203
204:    from 192.168.5.0/25 lookup 204
250:    from all lookup 250

# ip route show table 250
192.168.5.0/24 dev eth3 scope link
134.173.68.0/23 dev eth0 scope link
134.173.92.0/22 dev eth2 scope link
134.173.88.0/22 dev eth1 scope link
default via 134.173.69.254 dev eth0

pramod wrote:
> Can you attach your rules file?
>
> thanks
> pramod
>
* Re: [LARTC] Losing Packets after a DNAT in prerouting
From: pramod @ 2005-07-16 9:36 UTC (permalink / raw)
To: lartc
Did you do this?
    cat /proc/sys/net/ipv4/conf/all/forwarding
The output should be 1.
Also:
    cat /proc/sys/net/ipv4/conf/all/arp_filter
This should also be 1.
thanks
pramod
* RE: [LARTC] Losing Packets after a DNAT in prerouting
From: Jefferson Cowart @ 2005-07-16 21:13 UTC (permalink / raw)
To: lartc
I had already done the first of those. Changing the second didn't seem to
fix anything.
----------------
Thanks
Jefferson Cowart
Jeff@cowart.net
> -----Original Message-----
> From: pramod [mailto:pramod@atheros.com]
> Sent: Saturday, July 16, 2005 02:24
> To: Jefferson Cowart
> Cc: lartc@mailman.ds9a.nl
> Subject: Re: [LARTC] Losing Packets after a DNAT in prerouting
>
> Did you do this?
>
> cat /proc/sys/net/ipv4/conf/all/forwarding
> the output should be 1
> Also
> cat /proc/sys/net/ipv4/conf/all/arp_filter
> this should also be 1
>
> thanks
> pramod
* Re: [LARTC] Losing Packets after a DNAT in prerouting
From: pramod @ 2005-07-18 5:20 UTC (permalink / raw)
To: lartc
I am sorry.
In the second option I made a mistake.
Do the following things:
1) Restore arp_filter to its default.
2) Set rp_filter to 0 (zero).
thanks
pramod
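
The rp_filter suggestion above concerns the kernel's reverse-path check, which runs at the routing decision after PREROUTING and before FORWARD, so a packet it rejects never reaches a LOG rule in FORWARD. The following is an added example, not part of the thread: a script that reports the effective rp_filter mode and martian logging state per interface. SYSCTL_ROOT and the function names are assumptions of this example, and the max() rule for rp_filter is the behaviour of current kernels.

```shell
#!/bin/sh
# Added example, not from the thread. SYSCTL_ROOT is a hypothetical override
# so the functions can be pointed at a copy of the tree instead of /proc/sys.
SYSCTL_ROOT="${SYSCTL_ROOT:-/proc/sys}"

# conf_value <iface|all> <key>: print the setting, or 0 if it is not readable.
conf_value() {
    f="$SYSCTL_ROOT/net/ipv4/conf/$1/$2"
    if [ -r "$f" ]; then cat "$f"; else echo 0; fi
}

# Current kernels use max(conf/all/rp_filter, conf/<iface>/rp_filter).
effective_rp_filter() {
    all=$(conf_value all rp_filter)
    ifc=$(conf_value "$1" rp_filter)
    if [ "$all" -gt "$ifc" ]; then echo "$all"; else echo "$ifc"; fi
}

# Martian logging is on when either conf/all or conf/<iface> enables it.
martian_logging() {
    if [ "$(conf_value all log_martians)" -ne 0 ] ||
       [ "$(conf_value "$1" log_martians)" -ne 0 ]; then echo on; else echo off; fi
}

# report_iface <iface>: one line describing what the reverse-path check does.
report_iface() {
    case "$(effective_rp_filter "$1")" in
        0) mode="off" ;;
        1) mode="strict" ;;
        2) mode="loose" ;;
        *) mode="unknown" ;;
    esac
    line="$1 rp_filter=$mode log_martians=$(martian_logging "$1")"
    if [ "$mode" = strict ] && [ "$(martian_logging "$1")" = off ]; then
        line="$line (reverse-path drops are silent)"
    fi
    echo "$line"
}

# Usage: sh rpcheck.sh eth2 eth3
for i in "$@"; do report_iface "$i"; done
```

Enabling log_martians on the incoming interface makes the kernel log packets that fail the check, which confirms the cause before rp_filter is changed. rp_filter is an anti-spoofing control, and on kernels that support it loose mode (2) keeps part of that protection where 0 removes it.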