From: Jeremy Freeman <jeremy@jrmy.net>
To: netfilter@lists.netfilter.org
Subject: Why is my nat pre chain being bypassed by streaming udp?
Date: Tue, 19 Dec 2006 11:59:41 -0800
Message-ID: <458844AD.9000308@jrmy.net>
I have been butting my head here, folks, for the past few days and hopefully
someone will be able to help me.
Background:
We receive streaming udp traffic from two sources destined for port
8302. They are always sending this traffic whether our box is on or not.
Just keeps on coming.
We want to split off the traffic from one of the sources and redirect it
to port 9302. They will not do this for us, so we need to use a REDIRECT
rule in the nat table to do this.
With every other chain empty and with an ACCEPT policy:
iptables -t nat -A PREROUTING -p udp -s <source2 ip> --dport 8302 -j REDIRECT --to-ports 9302
however, traffic from source2 keeps on hitting 8302.
Doing an iptables -t nat -L -n -v shows:
0 0 REDIRECT udp -- * * <source2 ip> 0.0.0.0/0 udp dpt:8302 redir ports 9302
So the traffic is never getting picked up by the chain.
Even doing a general rule in the nat PREROUTING with no target shows
that no traffic is hitting:
0 0 udp -- * * <source2 ip> 0.0.0.0/0
This is a very simple box with only 1 interface (eth0).
I thought this may be due to connection tracking so I added a raw entry
to NOTRACK the traffic also:
Chain PREROUTING (policy ACCEPT 90101 packets, 12M bytes)
9491 1333K NOTRACK all -- * * <source2 ip> 0.0.0.0/0
So I see the raw chain is picking it up, but it is skipping past the
nat chain.
Does anyone know why this is occurring?
One other thing to note is this traffic is being NATted first by a Cisco
router. But tcpdump shows it coming in as follows:
11:53:27.133025 IP <source2 ip>.32811 > 192.168.6.165.8302: UDP, length 255
11:53:27.133585 IP <source2 ip>.32811 > 192.168.6.165.8302: UDP, length 74
11:53:27.133876 IP <source2 ip>.32811 > 192.168.6.165.8302: UDP, length 74
11:53:27.335457 IP <source2 ip>.32811 > 192.168.6.165.8302: UDP, length 74
etc
Any help or ideas would be greatly appreciated.
--
Jeremy Freeman
etc etc
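Added example, not part of the original post or the thread's reply: the nat table is traversed only by the first packet of a conntrack entry, so a UDP stream that was already being tracked when the REDIRECT rule was added never re-enters nat PREROUTING (and NOTRACKed packets skip nat entirely). The script below scans a constructed /proc/net/nf_conntrack-style dump (placeholder addresses, not the poster's) for such pre-existing entries and builds the conntrack(8) delete commands that would let the next packet be seen as NEW and hit the rule.

```shell
#!/bin/sh
# Constructed sample of /proc/net/nf_conntrack output (placeholder addresses).
# Entry 1 is a one-way UDP stream to 8302 that conntrack already knows about;
# entry 2 is an unrelated SSH session; entry 3 is a second UDP stream to 8302.
SAMPLE_CONNTRACK='ipv4     2 udp      17 29 src=203.0.113.10 dst=192.168.6.165 sport=32811 dport=8302 [UNREPLIED] src=192.168.6.165 dst=203.0.113.10 sport=8302 dport=32811 mark=0 use=1
ipv4     2 tcp      6 431999 ESTABLISHED src=192.168.6.50 dst=192.168.6.165 sport=51022 dport=22 src=192.168.6.165 dst=192.168.6.50 sport=22 dport=51022 [ASSURED] mark=0 use=1
ipv4     2 udp      17 170 src=203.0.113.20 dst=192.168.6.165 sport=32811 dport=8302 src=192.168.6.165 dst=203.0.113.20 sport=8302 dport=32811 [ASSURED] mark=0 use=1'

# stale_udp_flows SRC DPORT: print "src dst sport dport" for every tracked UDP
# entry whose original direction is from SRC to destination port DPORT.
# Any such entry means later packets of that stream bypass the nat table.
stale_udp_flows() {
    src="$1"; dport="$2"
    printf '%s\n' "$SAMPLE_CONNTRACK" | awk -v s="$src" -v p="$dport" '
        $3 == "udp" {
            # the first src=/dst=/sport=/dport= fields are the original direction;
            # the second set is the reply direction, which we ignore
            osrc = ""; odst = ""; osp = ""; odp = ""
            for (i = 1; i <= NF; i++) {
                if (osrc == "" && $i ~ /^src=/)        osrc = substr($i, 5)
                else if (odst == "" && $i ~ /^dst=/)   odst = substr($i, 5)
                else if (osp == "" && $i ~ /^sport=/)  osp = substr($i, 7)
                else if (odp == "" && $i ~ /^dport=/)  odp = substr($i, 7)
            }
            if (osrc == s && odp == p) print osrc, odst, osp, odp
        }'
}

# flush_commands SRC DPORT: emit the conntrack(8) commands that would delete
# those entries, so the stream's next packet is classified NEW and traverses
# nat PREROUTING. Commands are printed, not executed.
flush_commands() {
    stale_udp_flows "$1" "$2" | while read -r s d sp dp; do
        printf 'conntrack -D -p udp -s %s -d %s --sport %s --dport %s\n' \
            "$s" "$d" "$sp" "$dp"
    done
}
```

On a live box, replace SAMPLE_CONNTRACK with the real /proc/net/nf_conntrack contents (or the output of `conntrack -L`) and review the printed commands before running them; flushing an entry only matters if the REDIRECT rule is already in place to catch the next packet.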