* Dynamically changing destination ip address using iptables - IMP
@ 2005-09-01 1:44 kavitha
2005-09-01 3:46 ` Grant Taylor
2005-09-01 4:36 ` Venkata Narayana
0 siblings, 2 replies; 3+ messages in thread
From: kavitha @ 2005-09-01 1:44 UTC (permalink / raw)
To: netfilter
Hi,
We are trying to modify the TCP protocol a little bit so that when a packet arrives at a router, it would be possible to read a particular field (let's say options or the reserved field) of the packet (that would give the actual path that the packet needs to take) and populate the destination ipaddress of that packet with the new ipaddress read from this reserved field. I know that using dnat you can change the destination ipaddress of the packet but in my problem, I would not know the destination ipaddress prior (it would be dynamic) and it would change with every packet - so I would not be able to use a static ip address in the iptables rule. So I wanted to know if there is any way to get around this, or if iptables would not provide a solution to this problem at all. I know this can be done using raw sockets but adding a single line (as in iptables) seems to be a better proposition than writing pages of code. Basically, I want to know if there is a way to dynamically configure the destination ipaddress that a packet is being routed to by mapping certain other bits of the same packet coming in.
It would really help if someone can provide some information in this regard. Any pointers too would really be useful. I looked at the man pages and searched the internet but was not able to come across any real examples where such a thing may have been used.
Thanks for your time! Please let me know if you need more clarifications!
Kavitha
* Re: Dynamically changing destination ip address using iptables - IMP
From: Grant Taylor @ 2005-09-01 3:46 UTC (permalink / raw)
To: netfilter
> We are trying to modify the TCP protocol a little bit so that when a packet arrives at a router, it would be possible to read a particular field (let's say options or the reserved field) of the packet (that would give the actual path that the packet needs to take) and populate the destination ipaddress of that packet with the new ipaddress read from this reserved field. I know that using dnat you can change the destination ipaddress of the packet but in my problem, I would not know the destination ipaddress prior (it would be dynamic) and it would change with every packet - so I would not be able to use a static ip address in the iptables rule. So I wanted to know if there is any way to get around this, or if iptables would not provide a solution to this problem at all. I know this can be done using raw sockets but adding a single line (as in iptables) seems to be a better proposition than writing pages of code. Basically, I want to know if there is a way to dynamically configure the destination ipaddress that a packet is being routed to by mapping certain other bits of the same packet coming in.
(IMHO) This is WAY outside the scope of IPTables. If you are wanting to do something like this I think you should write a small program that would read the destination from the other field and set it as the IP destination of the packet. If you did this and did it in the Mangle table PREROUTING chain I think you could then DNAT as you would like with IPTables as you would then have an IP address that you could check against. That is if I understand you correctly. As I understand it IPTables is meant to try to fall within the IP standards and not go outside of it (at least I have not seen anything to the contrary). What I mean is that IPTables (and its associated brethren EBTables and ARPTables) try to work on existing standards without using non-standard things or altering a packet in a way that would make the resulting packet non-standard. As such I don't think what you are wanting to do is within the guise of IPTables. Sorry. The only other option that comes to mind is to use the QUEUE target and pass the packet to a user space daemon.
Grant. . . .
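The per-packet step a user-space daemon fed by the QUEUE target would have to perform, as an added example (not code from this thread or from the netfilter project). The option kind 253, its 6-byte layout (kind, length, IPv4 address), the name `rewrite_dst` and the allow-list parameters are assumptions; because the field is set by the sender, the rewrite is restricted to an allowed prefix, and both checksums are recomputed.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Assumption: experimental TCP option kind 253, length 6, carrying an IPv4 address. */
#define OPT_PATH 253
/* One's-complement sum over a byte range (RFC 1071), added to a running total. */
static uint32_t csum_add(uint32_t sum, const uint8_t *p, size_t n) {
    for (; n > 1; p += 2, n -= 2) sum += (uint32_t)p[0] << 8 | p[1];
    if (n) sum += (uint32_t)p[0] << 8;   /* odd trailing byte is padded with zero */
    return sum;
}
static uint16_t csum_fold(uint32_t sum) {
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}
static void put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }

/* Rewrite the IPv4 destination from the option. Returns 0 on rewrite, -1 on a
 * malformed, fragmented or non-TCP packet, -2 if the option is absent, -3 if the
 * address is outside allow_net/allow_mask. The packet is untouched on error. */
int rewrite_dst(uint8_t *pkt, size_t len, uint32_t allow_net, uint32_t allow_mask) {
    if (len < 20 || pkt[0] >> 4 != 4) return -1;
    size_t ihl = (pkt[0] & 0x0f) * 4u, tot = (size_t)pkt[2] << 8 | pkt[3];
    if (ihl < 20 || tot > len || tot < ihl + 20 || pkt[9] != 6
        || (pkt[6] & 0x3f) || pkt[7]) return -1;   /* fragments carry no full TCP segment */
    uint8_t *tcp = pkt + ihl;
    size_t tlen = tot - ihl, doff = (tcp[12] >> 4) * 4u;
    if (doff < 20 || doff > tlen) return -1;
    for (size_t i = 20; i < doff; ) {
        uint8_t kind = tcp[i];
        if (kind == 0) break;                 /* end of option list */
        if (kind == 1) { i++; continue; }     /* NOP padding */
        if (i + 1 >= doff || tcp[i + 1] < 2 || i + tcp[i + 1] > doff) return -1;
        if (kind == OPT_PATH && tcp[i + 1] == 6) {
            const uint8_t *a = tcp + i + 2;
            uint32_t dst = (uint32_t)a[0] << 24 | (uint32_t)a[1] << 16 | (uint32_t)a[2] << 8 | a[3];
            if ((dst & allow_mask) != allow_net) return -3;
            memcpy(pkt + 16, a, 4);           /* new destination address */
            put16(pkt + 10, 0);               /* IP header checksum covers the address */
            put16(pkt + 10, csum_fold(csum_add(0, pkt, ihl)));
            put16(tcp + 16, 0);               /* TCP checksum covers src/dst via pseudo-header */
            uint32_t s = csum_add(0, pkt + 12, 8) + 6 + (uint32_t)tlen;
            put16(tcp + 16, csum_fold(csum_add(s, tcp, tlen)));
            return 0;
        }
        i += tcp[i + 1];
    }
    return -2;
}
```

The daemon would call this on each queued packet and hand the modified bytes back with its verdict; packets that return an error are best dropped or passed unmodified rather than routed on a partially trusted field.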
* Re: Dynamically changing destination ip address using iptables - IMP
From: Venkata Narayana @ 2005-09-01 4:36 UTC (permalink / raw)
To: kavitha, netfilter
This can be achieved by dynamically updating the
rule. Whenever there is any change in your destination
address, change the rule with the new value without
starting or stopping the iptables service.
--- kavitha <fd99127@yahoo.com> wrote:
> Hi,
>
> We are trying to modify the TCP protocol a little
> bit so that when a packet arrives at a router, it
> would be possible to read a particular field (let's
> say options or the reserved field) of the
> packet (that would give the actual path that the
> packet needs to take) and populate the destination
> ipaddress of that packet with the new ipaddress read
> from this reserved field. I know that using dnat you
> can change the destination ipaddress of the packet
> but in my problem, I would not know the destination
> ipaddress prior (it would be dynamic) and it would
> change with every packet - so I would not be able to
> use a static ip address in the iptables rule. So I
> wanted to know if there is any way to get around
> this, or if iptables would not provide a solution
> to this problem at all. I know this can be done
> using raw sockets but adding a single line (as in
> iptables) seems to be a better proposition than
> writing pages of code. Basically, I want to know if
> there is a way to dynamically configure
> the destination ipaddress that a packet is being
> routed to by mapping certain other bits of the same
> packet coming in.
>
> It would really help if someone can provide some
> information in this regard. Any pointers too would
> really be useful. I looked at the man pages and
> searched the internet but was not able to come
> across any real examples where such a thing may have
> been used.
>
> Thanks for your time! Please let me know if you need
> more clarifications!
> Kavitha