From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Fiedler Roman <Roman.Fiedler@ait.ac.at>
Cc: "netfilter-devel@vger.kernel.org" <netfilter-devel@vger.kernel.org>
Subject: Re: Ulog/filter device name does not match effective device name of data flow: expected?
Date: Thu, 12 Jan 2012 03:46:54 +0100
Message-ID: <20120112024654.GD12255@1984>
In-Reply-To: <9F69795E29C890408AC2DAF646C89BB379CF93964B@MAILBOX.arc.local>

On Tue, Jan 10, 2012 at 02:04:12PM +0100, Fiedler Roman wrote:
> Hi,
>
> Just a question, if this is intended behavior in NAT/logging with ulog/filter, I know it should be some border case:
>
>
> In the test environment, all 10/8 IPs are routed via lo by default to avoid test data from the 10/8 net leaving the host.
>
> 10.0.0.0/8 dev lo scope link src 10.0.0.1
>
> To allow some connections to reach machines outside, these connections are natted, e.g.
>
> iptables -t nat -A OUTPUT -o lo -d 10.0.0.5 -p tcp -m tcp --dport 80 -j DNAT --to-destination xxx.172:80
>
> This allows the connection to be created, but with two side effects:
>
> Although the package leaves via eth0, ulog will report OUT=lo:
>
> Jan 10 12:06:13 v3lsn1105 iptables:ACCEPT-INFO IN= OUT=lo MAC= SRC=10.xx.xx.3 DST=xxxx.172 LEN=60 TOS=00 PREC=0x00 TTL=64 ID=46425 CE DF PROTO=TCP SPT=48808 DPT=80 SEQ=1237479374 ACK=0 WINDOW=32792 SYN URGP=0

You forgot to paste your NFLOG rule. Where is it?