* Urgent SNAT help required
@ 2005-05-09 8:30 cranium2003
2005-05-09 13:02 ` Vinay Reddy
0 siblings, 1 reply; 3+ messages in thread
From: cranium2003 @ 2005-05-09 8:30 UTC (permalink / raw)
To: netfilter
hello,
I want to execute my code at
NF_IP_POST_ROUTING. For that First i want to know
which functions are executing at NF_IP_POST_ROUTING
Hook. Then i have enabled SNAT and I have wrriten code
at NF_IP_POST_ROUTING but i want to get outgoing
packets' IP address as new one SNAT'ed IP address not
the one that is before SNAT? How can i do that?
I observe that my code and SNAT are executing
at same HOOK NF_IP_POST_ROUTING. But my code is
executed first and then SANT is doen but how to
reverse that?
regards,
cranium
Yahoo! Mail
Stay connected, organized, and protected. Take the tour:
http://tour.mail.yahoo.com/mailtour.html
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Urgent SNAT help required
2005-05-09 8:30 Urgent SNAT help required cranium2003
@ 2005-05-09 13:02 ` Vinay Reddy
0 siblings, 0 replies; 3+ messages in thread
From: Vinay Reddy @ 2005-05-09 13:02 UTC (permalink / raw)
To: cranium2003, netfilter-devel
On 5/9/05, cranium2003 <cranium2003@yahoo.com> wrote:
> hello,
> I want to execute my code at
> NF_IP_POST_ROUTING. For that First i want to know
> which functions are executing at NF_IP_POST_ROUTING
> Hook. Then i have enabled SNAT and I have wrriten code
> at NF_IP_POST_ROUTING but i want to get outgoing
> packets' IP address as new one SNAT'ed IP address not
> the one that is before SNAT? How can i do that?
Execute your code after SNAT has finished.
> I observe that my code and SNAT are executing
> at same HOOK NF_IP_POST_ROUTING. But my code is
> executed first and then SANT is doen but how to
> reverse that?
Use the following while declaring an nf_hook_ops struct:
struct nf_hook_ops post_route = {
{NULL, NULL},
post_route_handler,
THIS_MODULE,
PF_INET,
NF_IP_POST_ROUTING,
NF_IP_PRI_NAT_SRC +1, // <--- This is important. It is the priority.
};
Note that the last field gives the priority for this handler. The
higher it is, the earlier it is executed.
HTH,
Vinay
> regards,
> cranium
>
> Yahoo! Mail
> Stay connected, organized, and protected. Take the tour:
> http://tour.mail.yahoo.com/mailtour.html
>
>
--
"Debugging is twice as hard as writing the code in the first place.
Therefore, if you write the code as cleverly as possible, you are,
by definition, not smart enough to debug it." - Brian W. Kernighan
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Urgent SNAT help required
@ 2005-05-09 13:47 cranium2003
0 siblings, 0 replies; 3+ messages in thread
From: cranium2003 @ 2005-05-09 13:47 UTC (permalink / raw)
To: Vinay Reddy, netfilter-devel
Hello Vinay,
Thanks it works. I have now another problem.
I set a 4 computer LAN with configuration as
HostA
eth0=> 192.168.1.100
Router1
eth0=>10.1.1.1
eth1=>192.168.1.1
Router2
eth0=>10.1.1.100
eth1=>172.16.1.1
HostB
eth0=>172.16.1.100
I added following to iptables
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i eth0 -o eth1 -m state --state
ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
on both Routers as both have eth0 directly connected.
Now,when i ping from HostA to HostB through
Router1 and Router2,Router1 has to SNAT and it did and
sends a ping to HostB with HostB receiving src ip of
ping packet as that Router1 but reverse pong packet
from HostB to HostA does not changes src ip at
Router2. why?
Thanks in advance.
regards,
cranium.
--- Vinay Reddy <vinayvinay@gmail.com> wrote:
> On 5/9/05, cranium2003 <cranium2003@yahoo.com>
> wrote:
> > hello,
> > I want to execute my code at
> > NF_IP_POST_ROUTING. For that First i want to know
> > which functions are executing at
> NF_IP_POST_ROUTING
> > Hook. Then i have enabled SNAT and I have wrriten
> code
> > at NF_IP_POST_ROUTING but i want to get outgoing
> > packets' IP address as new one SNAT'ed IP address
> not
> > the one that is before SNAT? How can i do that?
> Execute your code after SNAT has finished.
> > I observe that my code and SNAT are
> executing
> > at same HOOK NF_IP_POST_ROUTING. But my code is
> > executed first and then SANT is doen but how to
> > reverse that?
> Use the following while declaring an nf_hook_ops
> struct:
> struct nf_hook_ops post_route = {
> {NULL, NULL},
> post_route_handler,
> THIS_MODULE,
> PF_INET,
> NF_IP_POST_ROUTING,
> NF_IP_PRI_NAT_SRC +1, // <--- This is important.
> It is the priority.
> };
>
> Note that the last field gives the priority for this
> handler. The
> higher it is, the earlier it is executed.
>
> HTH,
> Vinay
>
> > regards,
> > cranium
> >
> > Yahoo! Mail
> > Stay connected, organized, and protected. Take the
> tour:
> > http://tour.mail.yahoo.com/mailtour.html
> >
> >
>
>
> --
> "Debugging is twice as hard as writing the code in
> the first place.
> Therefore, if you write the code as cleverly as
> possible, you are,
> by definition, not smart enough to debug it." -
> Brian W. Kernighan
>
Yahoo! Mail
Stay connected, organized, and protected. Take the tour:
http://tour.mail.yahoo.com/mailtour.html
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2005-05-09 13:47 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2005-05-09 8:30 Urgent SNAT help required cranium2003
2005-05-09 13:02 ` Vinay Reddy
-- strict thread matches above, loose matches on Subject: below --
2005-05-09 13:47 cranium2003
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.