From: Pablo Neira Ayuso <pablo@netfilter.org>
To: synapse@hippy.csoma.elte.hu
Cc: netfilter-devel@vger.kernel.org
Subject: Re: conntrack -L shows an entry, conntrack -G doesn't
Date: Thu, 07 Aug 2008 10:36:13 +0200
Message-ID: <489AB3FD.5010206@netfilter.org>
In-Reply-To: <55990.80.98.202.103.1218034911.squirrel@hippy.csoma.elte.hu>

synapse@hippy.csoma.elte.hu wrote:
> root@test:~# conntrack -L -s 192.168.13.12 -q 192.168.13.12 -p tcp --orig-port-src 49939 --reply-port-src 12345
>     tcp      6 431950 ESTABLISHED src=192.168.13.12 dst=217.20.131.2 sport=49939 dport=22 packets=2 bytes=112 src=127.0.0.1 dst=192.168.13.12 sport=12345 dport=49939 packets=1 bytes=60 [ASSURED] mark=0 use=1
> 
> root@test:~# conntrack -G -s 192.168.13.12 -q 192.168.13.12 -p tcp --orig-port-src 49939 --reply-port-src 12345
>     Operation failed: such conntrack doesn't exist

My git snapshot fails as there are missing parameters:
conntrack v0.9.7: missing IP address
Try `conntrack -h' or 'conntrack --help' for more information.

> The redirection is done as:
> 
>     iptables -t nat -F
>     iptables -t nat -X
>     iptables -t nat -Z
> 
>     iptables -t nat -A OUTPUT -p tcp --destination-port 22 -j REDIRECT --to-ports 1234
> 
> I am using the latest ubuntu btw (upgraded fully), with versions:
>     conntrack                           1.00~beta2-1

This version is very old. The conntrack package was superseded by the
conntrack-tools. Please, check http://conntrack-tools.netfilter.org to
get the latest.

> Basically I am clueless here as to why -L shows the connection and -G
> doesn't. My goal is to transparently proxy outgoing connections through
> my program. Therefore I need to detect what its original destination
> would be from the information seen by the program on 12345.

As for now, the -G command requires the tuple {source, destination,
source port, destination port, protocol}.

-- 
"Los honestos son inadaptados sociales" -- Les Luthiers
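
Added example, not part of the original message or of conntrack-tools: a Python sketch that takes `conntrack -L` output, finds the entry whose reply direction matches what the proxy on port 12345 sees, and builds a `-G` query carrying the full original-direction tuple described above. The sample line is the entry quoted in the message; the function names are hypothetical, and `-d` / `--orig-port-dst` are assumed to be accepted by the installed conntrack-tools.

```python
import re
import shlex

# The -L entry quoted in the message above, rejoined onto one line.
SAMPLE = ("tcp      6 431950 ESTABLISHED src=192.168.13.12 dst=217.20.131.2 "
          "sport=49939 dport=22 packets=2 bytes=112 src=127.0.0.1 "
          "dst=192.168.13.12 sport=12345 dport=49939 packets=1 bytes=60 "
          "[ASSURED] mark=0 use=1")
KEYS = {"src", "dst", "sport", "dport"}


def parse_entry(line):
    """Split one `conntrack -L` line into protocol, original and reply tuples."""
    proto = line.split()[0]
    pairs = re.findall(r"\b(src|dst|sport|dport)=(\S+)", line)
    if len(pairs) != 8:  # e.g. ICMP entries carry no ports
        raise ValueError("expected two complete tuples")
    orig, reply = dict(pairs[:4]), dict(pairs[4:])
    if set(orig) != KEYS or set(reply) != KEYS:
        raise ValueError("malformed tuple")
    return proto, orig, reply


def original_destination(lines, client_port, proxy_port):
    """Return (proto, original tuple) for the flow the proxy sees, or None."""
    for line in lines:
        try:
            proto, orig, reply = parse_entry(line)
        except (ValueError, IndexError):
            continue  # blank or non-TCP/UDP line
        if reply["sport"] == str(proxy_port) and reply["dport"] == str(client_port):
            return proto, orig
    return None


def get_command(proto, orig):
    """Build `conntrack -G` with source, destination, both ports and protocol."""
    args = ["conntrack", "-G", "-p", proto,
            "-s", orig["src"], "-d", orig["dst"],
            "--orig-port-src", orig["sport"], "--orig-port-dst", orig["dport"]]
    return " ".join(shlex.quote(a) for a in args)


if __name__ == "__main__":
    found = original_destination([SAMPLE], client_port=49939, proxy_port=12345)
    print(get_command(*found))
```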
