* UDP DNAT to a broadcast address
@ 2011-05-18 15:58 Detlev Zundel
2011-05-18 20:18 ` Jan Engelhardt
0 siblings, 1 reply; 3+ messages in thread
From: Detlev Zundel @ 2011-05-18 15:58 UTC (permalink / raw)
To: netfilter-devel
Hi,
looking for the answer to this problem, I searched the web and this
mailing list, but I still couldn't find a definitive answer to the
question that I have.
In my setup I need a UDP packet sent to the external IP of my router
to trigger a broadcast UDP packet on the local network and relay back
the answers to this packet.
It looks like this should do the trick:
iptables -t nat -I PREROUTING -i ppp0 -p udp --dport 3333 -j DNAT --to 192.168.0.255
Of course, as I write this e-mail, this does not work. I can see the
packets entering the INPUT chain, but I see no packets on the OUTPUT
chain. I speculate that this is because broadcast addresses are not
routable and thus the packet gets lost somewhere.
Is there any method to solve this with netfilter or do I need to write a
bi-directional UDP proxy in userspace?
Thanks
Detlev
--
(3) With sufficient thrust, pigs fly just fine. However, this is not
necessarily a good idea. It is hard to be sure where they are going to
land, and it could be dangerous sitting under them as they fly overhead.
-- The Twelve Networking Truths (RFC 1925)
* Re: UDP DNAT to a broadcast address
From: Jan Engelhardt @ 2011-05-18 20:18 UTC (permalink / raw)
To: Detlev Zundel; +Cc: netfilter-devel
On Wednesday 2011-05-18 17:58, Detlev Zundel wrote:
>Hi,
>
>looking for the answer to this problem, I searched the web and this
>mailing list, but I still couldn't find a definitive answer to the
>question that I have.
>
>In my setup I need to a UDP packet sent to the external IP of my router
>to trigger a broadcast UDP packet on the local network and relay back
>the answers to this packet.
>
>It looks like this should do the trick:
>
>iptables -t nat -I PREROUTING -i ppp0 -p udp --dport 3333 -j DNAT --to
>192.168.0.255
>
>Of course, as I write this e-mail, this does not work.
On the contrary. This should exactly do what is requested: changing
the dst address in the packet to 255, and you should be able to
observe that this address change was successful by using -j LOG in
filter-INPUT.
>I can see the packets entering the INPUT chain, but I see no packets
>on the OUTPUT chain. I speculate that this is because broadcast
>addresses are not routable and thus the packet gets lost somewhere.
By the very definition of broadcast, a receiver is not to route it
any further, wh. As such, it enters INPUT. No loss, the machine
properly receives it (as it is supposed to). OUTPUT is only for
locally-generated packets, but received frames can only appear in
INPUT or FORWARD.
Netfilter does not even play a role in this.
All the bcast/mcast forwarders are userspace AFAICS.
* Re: UDP DNAT to a broadcast address
From: Detlev Zundel @ 2011-05-19 7:19 UTC (permalink / raw)
To: Jan Engelhardt; +Cc: netfilter-devel
Hi Jan,
thanks for the quick answer.
> On Wednesday 2011-05-18 17:58, Detlev Zundel wrote:
>
>>Hi,
>>
>>looking for the answer to this problem, I searched the web and this
>>mailing list, but I still couldn't find a definitive answer to the
>>question that I have.
>>
>>In my setup I need to a UDP packet sent to the external IP of my router
>>to trigger a broadcast UDP packet on the local network and relay back
>>the answers to this packet.
>>
>>It looks like this should do the trick:
>>
>>iptables -t nat -I PREROUTING -i ppp0 -p udp --dport 3333 -j DNAT --to
>>192.168.0.255
>>
>>Of course, as I write this e-mail, this does not work.
>
> On the contrary. This should exactly do what is requested: changing
> the dst address in the packet to 255, and you should be able to
> observe that this address change was successful by using -j LOG in
> filter-INPUT.
>
>>I can see the packets entering the INPUT chain, but I see no packets
>>on the OUTPUT chain. I speculate that this is because broadcast
>>addresses are not routable and thus the packet gets lost somewhere.
>
> By the very definition of broadcast, a receiver is not to route it
> any further, wh. As such, it enters INPUT. No loss, the machine
> properly receives it (as it is supposed to). OUTPUT is only for
> locally-generated packets, but received frames can only appear in
> INPUT or FORWARD.
Yes, sorry, I really meant that I did not see anything on the FORWARD
chain.
> Netfilter does not even play a role in this.
>
> All the bcast/mcast forwarders are userspace AFAICS.
Ok, thanks for the explanation, this now all makes sense to me and I'll
turn to userspace.
Best wishes
Detlev
--
It is practically impossible to teach good programming to students that have
had a prior exposure to BASIC: as potential programmers they are mentally
mutilated beyond hope of regeneration. -- Edsger Dijkstra
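The thread ends with the conclusion that a DNAT to a subnet broadcast address is delivered locally (INPUT), never forwarded, so the job has to be done by a userspace relay. The following is an added example of such a bidirectional UDP broadcast relay; it is not code from either poster. It does what the DNAT rule was meant to do: datagrams arriving on the external port are re-sent to the LAN broadcast address, and every answer from LAN hosts is returned to the external sender with the relay's own address as source. Each inbound request gets its own LAN-side socket, so answers from several LAN hosts to several external clients can be kept apart without looking at payloads, and each mapping expires after a timeout, much like a conntrack UDP entry. The addresses in the `__main__` block (port 3333, 192.168.0.255, an allowed source of 203.0.113.10) are assumptions for illustration; in the offline usage below a unicast loopback address stands in for the broadcast address.

```python
import selectors
import socket
import time


class UdpBroadcastRelay:
    """Relay UDP datagrams from an external address to a LAN broadcast
    address and hand every answer back to the original external sender.

    One LAN socket (ephemeral port) per inbound datagram maps replies back
    to the right external client; mappings expire after reply_timeout.
    allowed_sources restricts who may trigger a broadcast on the LAN: a
    single external datagram can make every LAN host answer, so an open
    relay is both a LAN probe and an amplification vector.
    """

    def __init__(self, listen_addr, broadcast_addr, allowed_sources=None,
                 reply_timeout=5.0, lan_bind_ip="0.0.0.0"):
        self.broadcast_addr = broadcast_addr        # (ip, port) on the LAN side
        self.allowed_sources = allowed_sources      # set of source IPs, or None
        self.reply_timeout = reply_timeout          # seconds a mapping stays open
        self.lan_bind_ip = lan_bind_ip              # LAN address to send from
        self.sel = selectors.DefaultSelector()
        self.ext = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        self.ext.bind(listen_addr)
        self.ext.setblocking(False)
        self.sel.register(self.ext, selectors.EVENT_READ, self._on_external)
        self.sessions = {}   # LAN socket -> (external client addr, expiry)
        self.stats = {"relayed_out": 0, "relayed_back": 0, "dropped": 0}

    @property
    def external_addr(self):
        return self.ext.getsockname()

    def _on_external(self, sock):
        # A datagram from outside: filter by source, then broadcast it on the LAN.
        data, client = sock.recvfrom(65535)
        if self.allowed_sources is not None and client[0] not in self.allowed_sources:
            self.stats["dropped"] += 1
            return
        lan = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        lan.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
        lan.bind((self.lan_bind_ip, 0))
        lan.setblocking(False)
        lan.sendto(data, self.broadcast_addr)
        self.sessions[lan] = (client, time.monotonic() + self.reply_timeout)
        self.sel.register(lan, selectors.EVENT_READ, self._on_lan)
        self.stats["relayed_out"] += 1

    def _on_lan(self, sock):
        # An answer from a LAN host: send it back to the client that asked.
        data, _responder = sock.recvfrom(65535)
        client, _expiry = self.sessions[sock]
        self.ext.sendto(data, client)
        self.stats["relayed_back"] += 1

    def _expire(self):
        now = time.monotonic()
        for lan, (_client, expiry) in list(self.sessions.items()):
            if expiry <= now:
                self.sel.unregister(lan)
                lan.close()
                del self.sessions[lan]

    def step(self, timeout=0.1):
        """Service ready sockets once; returns the number of events handled."""
        events = self.sel.select(timeout)
        for key, _mask in events:
            key.data(key.fileobj)
        self._expire()
        return len(events)

    def serve_forever(self):
        while True:
            self.step(timeout=1.0)

    def close(self):
        for lan in list(self.sessions):
            self.sel.unregister(lan)
            lan.close()
        self.sessions.clear()
        self.sel.unregister(self.ext)
        self.ext.close()
        self.sel.close()


if __name__ == "__main__":
    # Assumed deployment values: listen on the external side (replace 0.0.0.0
    # with the ppp0 address), rebroadcast on the LAN, allow one known client.
    relay = UdpBroadcastRelay(("0.0.0.0", 3333), ("192.168.0.255", 3333),
                              allowed_sources={"203.0.113.10"})
    relay.serve_forever()
```

Because the reply path goes out through the external socket, clients see answers coming from the relay's listening port, exactly as they would have after a kernel DNAT plus reverse translation; the per-request LAN socket is what the kernel cannot do for a broadcast destination, since conntrack never creates a forward mapping for a packet that is delivered locally.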