From: Ralph de Boom <lkml@deboom.biz>
To: Richard Horton <richard.horton@solstans.co.uk>
Cc: Patrick McHardy <kaber@trash.net>, netfilter@vger.kernel.org
Subject: Re: Iptables v1.4.4 + kernel 2.6.31 mangle marking changed?
Date: Tue, 10 Nov 2009 18:34:15 +0100
Message-ID: <4AF9A417.4080005@deboom.biz>
In-Reply-To: <4AF310FC.1060505@deboom.biz>
Ralph de Boom wrote:
> Richard Horton wrote:
>>> Right, at this point you've lost me, how I will manage to do that,
>>> and where
>>> does the information get stored?
>>>
>>
>> You will need to turn trace on...
>> iptables -A PREROUTING -t raw -j TRACE will turn tracing on for
>> everything.
>>
>> The information is then stored in the syslog as per your syslog
>> configuration - TRACE will show which rules etc your packets have
>> encountered.
>>
>>
> OK, got that. Since kern.log will get majorly flooded, I grepped the output.
> If needed I can attach the whole log?
>
> cat kern.log | grep 81.4.97.
>
> Nov 5 18:48:14 sakura kernel: [ 194.028498] fwmark 0x1: IN=eth1 OUT=
> MAC=00:1b:21:2d:a9:fa:00:1b:21:32:99:5f:08:00 SRC=192.168.1.30
> DST=81.4.97.160 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=13005 DF
> PROTO=TCP SPT=52436 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 MARK=0x1
> Nov 5 18:48:14 sakura kernel: [ 194.028527] TRACE:
> mangle:PREROUTING:policy:3 IN=eth1 OUT=
> MAC=00:1b:21:2d:a9:fa:00:1b:21:32:99:5f:08:00 SRC=192.168.1.30
> DST=81.4.97.160 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=13005 DF
> PROTO=TCP SPT=52436 DPT=80 SEQ=2949910603 ACK=0 WINDOW=8192 RES=0x00
> SYN URGP=0 OPT (0204116C01010402) MARK=0x1
> Nov 5 18:48:14 sakura kernel: [ 194.028570] TRACE:
> mangle:FORWARD:policy:1 IN=eth1 OUT=eth0 SRC=192.168.1.30
> DST=81.4.97.160 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=13005 DF
> PROTO=TCP SPT=52436 DPT=80 SEQ=2949910603 ACK=0 WINDOW=8192 RES=0x00
> SYN URGP=0 OPT (0204116C01010402) MARK=0x1
> Nov 5 18:48:14 sakura kernel: [ 194.028598] TRACE:
> filter:FORWARD:rule:1 IN=eth1 OUT=eth0 SRC=192.168.1.30
> DST=81.4.97.160 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=13005 DF
> PROTO=TCP SPT=52436 DPT=80 SEQ=2949910603 ACK=0 WINDOW=8192 RES=0x00
> SYN URGP=0 OPT (0204116C01010402) MARK=0x1
> Nov 5 18:48:14 sakura kernel: [ 194.028626] TRACE:
> mangle:POSTROUTING:policy:1 IN= OUT=eth0 SRC=192.168.1.30
> DST=81.4.97.160 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=13005 DF
> PROTO=TCP SPT=52436 DPT=80 SEQ=2949910603 ACK=0 WINDOW=8192 RES=0x00
> SYN URGP=0 OPT (0204116C01010402) MARK=0x1
> Nov 5 18:48:14 sakura kernel: [ 194.149805] TRACE:
> raw:PREROUTING:policy:2 IN=eth0 OUT=
> MAC=00:50:bf:65:b7:c1:00:18:39:27:fc:5a:08:00 SRC=81.4.97.160
> DST=192.168.2.40 LEN=48 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=TCP
> SPT=80 DPT=52436 SEQ=3690844742 ACK=2949910604 WINDOW=5840 RES=0x00
> ACK SYN URGP=0 OPT (020405B401010402)
> Nov 5 18:48:14 sakura kernel: [ 194.149861] TRACE:
> mangle:PREROUTING:policy:3 IN=eth0 OUT=
> MAC=00:50:bf:65:b7:c1:00:18:39:27:fc:5a:08:00 SRC=81.4.97.160
> DST=192.168.2.40 LEN=48 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=TCP
> SPT=80 DPT=52436 SEQ=3690844742 ACK=2949910604 WINDOW=5840 RES=0x00
> ACK SYN URGP=0 OPT (020405B401010402)
> Nov 5 18:48:15 sakura kernel: [ 195.173980] TRACE:
> raw:PREROUTING:policy:2 IN=eth0 OUT=
> MAC=00:50:bf:65:b7:c1:00:18:39:27:fc:5a:08:00 SRC=81.4.97.160
> DST=192.168.2.40 LEN=48 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=TCP
> SPT=80 DPT=52436 SEQ=3690844742 ACK=2949910604 WINDOW=5840 RES=0x00
> ACK SYN URGP=0 OPT (020405B401010402)
> Nov 5 18:48:15 sakura kernel: [ 195.174046] TRACE:
> mangle:PREROUTING:policy:3 IN=eth0 OUT=
> MAC=00:50:bf:65:b7:c1:00:18:39:27:fc:5a:08:00 SRC=81.4.97.160
> DST=192.168.2.40 LEN=48 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=TCP
> SPT=80 DPT=52436 SEQ=3690844742 ACK=2949910604 WINDOW=5840 RES=0x00
> ACK SYN URGP=0 OPT (020405B401010402)
> Nov 5 18:48:27 sakura kernel: [ 207.173329] TRACE:
> raw:PREROUTING:policy:2 IN=eth0 OUT=
> MAC=00:50:bf:65:b7:c1:00:18:39:27:fc:5a:08:00 SRC=81.4.97.160
> DST=192.168.2.40 LEN=48 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=TCP
> SPT=80 DPT=52436 SEQ=3690844742 ACK=2949910604 WINDOW=5840 RES=0x00
> ACK SYN URGP=0 OPT (020405B401010402)
> Nov 5 18:48:27 sakura kernel: [ 207.173394] TRACE:
> mangle:PREROUTING:policy:3 IN=eth0 OUT=
> MAC=00:50:bf:65:b7:c1:00:18:39:27:fc:5a:08:00 SRC=81.4.97.160
> DST=192.168.2.40 LEN=48 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=TCP
> SPT=80 DPT=52436 SEQ=3690844742 ACK=2949910604 WINDOW=5840 RES=0x00
> ACK SYN URGP=0 OPT (020405B401010402)
> Nov 5 18:48:52 sakura kernel: [ 231.380824] TRACE:
> raw:PREROUTING:policy:2 IN=eth0 OUT=
> MAC=00:50:bf:65:b7:c1:00:18:39:27:fc:5a:08:00 SRC=81.4.97.160
> DST=192.168.2.40 LEN=48 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=TCP
> SPT=80 DPT=52436 SEQ=3690844742 ACK=2949910604 WINDOW=5840 RES=0x00
> ACK SYN URGP=0 OPT (020405B401010402)
> Nov 5 18:48:52 sakura kernel: [ 231.380891] TRACE:
> mangle:PREROUTING:policy:3 IN=eth0 OUT=
> MAC=00:50:bf:65:b7:c1:00:18:39:27:fc:5a:08:00 SRC=81.4.97.160
> DST=192.168.2.40 LEN=48 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=TCP
> SPT=80 DPT=52436 SEQ=3690844742 ACK=2949910604 WINDOW=5840 RES=0x00
> ACK SYN URGP=0 OPT (020405B401010402)
> Nov 5 18:49:40 sakura kernel: [ 279.579532] TRACE:
> raw:PREROUTING:policy:2 IN=eth0 OUT=
> MAC=00:50:bf:65:b7:c1:00:18:39:27:fc:5a:08:00 SRC=81.4.97.160
> DST=192.168.2.40 LEN=48 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=TCP
> SPT=80 DPT=52436 SEQ=3690844742 ACK=2949910604 WINDOW=5840 RES=0x00
> ACK SYN URGP=0 OPT (020405B401010402)
> Nov 5 18:49:40 sakura kernel: [ 279.579591] TRACE:
> mangle:PREROUTING:policy:3 IN=eth0 OUT=
> MAC=00:50:bf:65:b7:c1:00:18:39:27:fc:5a:08:00 SRC=81.4.97.160
> DST=192.168.2.40 LEN=48 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=TCP
> SPT=80 DPT=52436 SEQ=3690844742 ACK=2949910604 WINDOW=5840 RES=0x00
> ACK SYN URGP=0 OPT (020405B401010402)
I'm pretty patient, but since I haven't seen a response in a week I'm
poking you guys again.
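
Added example, not part of the original thread: a small parser for TRACE lines in the format quoted above that rebuilds each packet's table:chain path from kern.log and lists packets with no TRACE entry past PREROUTING. The sample log is constructed (documentation addresses, hostname `fw`), and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the TRACE format quoted above, one log entry per line.
SAMPLE = """\
Nov  5 18:48:14 fw kernel: [  194.028527] TRACE: mangle:PREROUTING:policy:3 IN=eth1 OUT= SRC=192.0.2.30 DST=198.51.100.160 ID=13005 PROTO=TCP SPT=52436 DPT=80 SYN MARK=0x1
Nov  5 18:48:14 fw kernel: [  194.028570] TRACE: mangle:FORWARD:policy:1 IN=eth1 OUT=eth0 SRC=192.0.2.30 DST=198.51.100.160 ID=13005 PROTO=TCP SPT=52436 DPT=80 SYN MARK=0x1
Nov  5 18:48:14 fw kernel: [  194.028598] TRACE: filter:FORWARD:rule:1 IN=eth1 OUT=eth0 SRC=192.0.2.30 DST=198.51.100.160 ID=13005 PROTO=TCP SPT=52436 DPT=80 SYN MARK=0x1
Nov  5 18:48:14 fw kernel: [  194.028626] TRACE: mangle:POSTROUTING:policy:1 IN= OUT=eth0 SRC=192.0.2.30 DST=198.51.100.160 ID=13005 PROTO=TCP SPT=52436 DPT=80 SYN MARK=0x1
Nov  5 18:48:14 fw kernel: [  194.149805] TRACE: raw:PREROUTING:policy:2 IN=eth0 OUT= SRC=198.51.100.160 DST=192.0.2.40 ID=0 PROTO=TCP SPT=80 DPT=52436 ACK SYN
Nov  5 18:48:14 fw kernel: [  194.149861] TRACE: mangle:PREROUTING:policy:3 IN=eth0 OUT= SRC=198.51.100.160 DST=192.0.2.40 ID=0 PROTO=TCP SPT=80 DPT=52436 ACK SYN
Nov  5 18:48:15 fw kernel: [  195.173980] TRACE: raw:PREROUTING:policy:2 IN=eth0 OUT= SRC=198.51.100.160 DST=192.0.2.40 ID=0 PROTO=TCP SPT=80 DPT=52436 ACK SYN
Nov  5 18:48:15 fw kernel: [  195.174046] TRACE: mangle:PREROUTING:policy:3 IN=eth0 OUT= SRC=198.51.100.160 DST=192.0.2.40 ID=0 PROTO=TCP SPT=80 DPT=52436 ACK SYN
"""

# "TRACE: table:chain:type:rulenum" followed by KEY=VALUE packet fields.
TRACE_RE = re.compile(r"TRACE: (?P<table>\w+):(?P<chain>[\w-]+):(?P<kind>\w+):(?P<num>\d+) (?P<rest>.*)")
FIELD_RE = re.compile(r"(\w+)=(\S*)")

def parse_trace(line):
    """Return (flow 4-tuple, 'table:chain', mark or None) for a TRACE line, else None."""
    m = TRACE_RE.search(line)
    if not m:
        return None
    fields = dict(FIELD_RE.findall(m["rest"]))
    flow = tuple(fields.get(k, "") for k in ("SRC", "DST", "SPT", "DPT"))
    return flow, f"{m['table']}:{m['chain']}", fields.get("MARK")

def traversals(log_text):
    """Group TRACE lines into per-packet hook paths, keyed by flow 4-tuple."""
    out = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_trace(line)
        if rec is None:
            continue
        flow, hop, mark = rec
        paths = out[flow]
        # A hook seen twice on one flow means a new packet (e.g. a retransmit).
        if not paths or hop in paths[-1]["hops"]:
            paths.append({"hops": [], "mark": None})
        paths[-1]["hops"].append(hop)
        paths[-1]["mark"] = mark or paths[-1]["mark"]
    return dict(out)

def stalled(paths):
    """Packets whose only TRACE entries are in PREROUTING chains."""
    return [p for p in paths if all(h.endswith(":PREROUTING") for h in p["hops"])]

if __name__ == "__main__":
    for flow, paths in traversals(SAMPLE).items():
        for p in paths:
            print(flow, " -> ".join(p["hops"]), "mark:", p["mark"])
```

Feed it the unwrapped kern.log text; entries that a mail client has wrapped across several lines need to be rejoined first.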