netdev.vger.kernel.org archive mirror
* raw socket and iptables rules
@ 2008-04-10 11:51 Gabor Fekete
  2008-04-13  6:32 ` Patrick McHardy
  0 siblings, 1 reply; 2+ messages in thread
From: Gabor Fekete @ 2008-04-10 11:51 UTC (permalink / raw)
  To: netdev

Hi,

I'm writing C code that sends IP datagrams using a RAW socket.
The only problem I have is that it seems that the MASQUERADE rule
I have does not apply for the packets sent via this socket.

Is it so that raw sockets bypass iptables?
What can I do to make iptables process these packets?

Thanks,
Gabor


* Re: raw socket and iptables rules
  2008-04-10 11:51 raw socket and iptables rules Gabor Fekete
@ 2008-04-13  6:32 ` Patrick McHardy
  0 siblings, 0 replies; 2+ messages in thread
From: Patrick McHardy @ 2008-04-13  6:32 UTC (permalink / raw)
  To: Gabor Fekete; +Cc: netdev, Netfilter Development Mailinglist

Gabor Fekete wrote:
> Hi,
> 
> I'm writing C code that sends IP datagrams using a RAW socket.
> The only problem I have is that it seems that the MASQUERADE rule
> I have does not apply for the packets sent via this socket.
> 
> Is it so that raw sockets bypass iptables?
> What can I do to make iptables process these packets?


MASQUERADE lets packets with saddr=0.0.0.0 pass without SNAT.
So that might be the reason. Another possibility is that these
packets match an existing connection; the NAT table only sees
the first packet of each connection. A third option would be
invalid IP headers, but you'd see a message in that case.
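
Two of the causes named in the reply above, an all-zero source address and an invalid IP header, can be checked on the buffer before it is handed to the raw socket. The C function below is an added example, not code from this thread; the flag names, the chosen set of header checks (version, IHL, total length, header checksum) and the sample header are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Flag names are made up for this example. */
enum {
    HDR_TRUNCATED  = 1 << 0, /* fewer bytes than the header needs */
    HDR_BAD_VER    = 1 << 1, /* version field is not 4 */
    HDR_BAD_IHL    = 1 << 2, /* header length below 5 words */
    HDR_BAD_TOTLEN = 1 << 3, /* total length < header or > buffer */
    HDR_BAD_CSUM   = 1 << 4, /* header checksum does not verify */
    HDR_ZERO_SADDR = 1 << 5  /* source address is 0.0.0.0 */
};

/* RFC 1071 one's-complement sum over the header; 0 means it verifies. */
static uint16_t ip_csum(const uint8_t *p, size_t n)
{
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < n; i += 2)
        sum += (uint32_t)p[i] << 8 | p[i + 1];
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Inspect the IPv4 header at buf (len bytes available); return flags. */
unsigned check_ipv4_header(const uint8_t *buf, size_t len)
{
    unsigned flags = 0;
    if (len < 20) return HDR_TRUNCATED;
    size_t ihl = (size_t)(buf[0] & 0x0f) * 4;
    size_t tot = (size_t)buf[2] << 8 | buf[3];
    if (buf[0] >> 4 != 4) flags |= HDR_BAD_VER;
    if (ihl < 20) flags |= HDR_BAD_IHL;
    if (ihl > len) flags |= HDR_TRUNCATED;
    if (tot < ihl || tot > len) flags |= HDR_BAD_TOTLEN;
    if (!(flags & (HDR_BAD_IHL | HDR_TRUNCATED)) && ip_csum(buf, ihl) != 0)
        flags |= HDR_BAD_CSUM;
    if ((buf[12] | buf[13] | buf[14] | buf[15]) == 0) flags |= HDR_ZERO_SADDR;
    return flags;
}

/* Constructed sample: header-only UDP datagram, 192.168.0.1 -> 192.168.0.199 */
static const uint8_t sample_hdr[20] = {
    0x45, 0x00, 0x00, 0x14, 0x00, 0x00, 0x40, 0x00, 0x40, 0x11,
    0xb8, 0xc0, 0xc0, 0xa8, 0x00, 0x01, 0xc0, 0xa8, 0x00, 0xc7
};

int main(void) { printf("flags=0x%x\n", check_ipv4_header(sample_hdr, 20)); return 0; }
```

The second cause in the reply, a packet matching an existing connection, depends on connection-tracking state and cannot be seen from the header alone.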
