* Re: raw socket and iptables rules
[not found] <690153640804100451y7a7f29fawfd6b3f1ba8f62a51@mail.gmail.com>
@ 2008-04-13 6:32 ` Patrick McHardy
0 siblings, 0 replies; only message in thread
From: Patrick McHardy @ 2008-04-13 6:32 UTC (permalink / raw)
To: Gabor Fekete; +Cc: netdev, Netfilter Development Mailinglist
Gabor Fekete wrote:
> Hi,
>
> I'm writing a C code that sends IP datagrams using a RAW socket.
> The only problem I have is that it seems that the MASQUERADE rule
> I have does not apply for the packets sent via this socket.
>
> Is it so, that raw sockets bypass iptables?
> What can I do to make iptables to process these packets?
MASQUERADE leaves packets with saddr=0.0.0.0 pass without SNAT.
So that might be the reason. Another possibility is that these
packets match an existing connection, the NAT table only sees
the first packet of each connection. Third option would be
invalid IP headers, but you'd see a message in that case.
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2008-04-13 6:33 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <690153640804100451y7a7f29fawfd6b3f1ba8f62a51@mail.gmail.com>
2008-04-13 6:32 ` raw socket and iptables rules Patrick McHardy
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox