Linux Netfilter discussions
From: "Hard__warE" <hard__ware@hotmail.com>
To: netfilter@lists.samba.org
Subject: SNAT of ICMP fragmentation-nee
Date: Mon, 10 Jun 2002 22:56:32 +1000
Message-ID: <000501c2107e$3ed0f300$7b0010ac@dynamicaccess.lan>

> iptables -I POSTROUTING  -t nat -p icmp --icmp-type \
> fragmentation-needed -j LOG --log-prefix "icmp SNAT POST "
>
> iptables -I PREROUTING -t mangle  -p icmp --icmp-type \
> fragmentation-needed -j LOG --log-prefix "icmp SNAT PRE "
>

Do you need to log all interfaces / chains, or a particular adapter?

OK, have you tried using this instead:

$IPTABLES -t nat -A POSTROUTING -p icmp --icmp-type \
fragmentation-needed -j LOG --log-prefix "icmp SNAT POST "

$IPTABLES -t nat -A PREROUTING -p icmp --icmp-type \
fragmentation-needed -j LOG --log-prefix "icmp SNAT PRE "

....

Oh, and this one is for Antony Stone ... :D ... G'day ..

> Hmmm.   Okay - this is beyond my understanding of netfilter - can anyone else
> suggest why icmp packets going through the machine would get logged and
> processed by PREROUTING and FORWARD but not by POSTROUTING ?

I have tested this with ICMP and it is very true ...

It seems as if the iptables box handles the actual ICMP traffic locally.

So a box on the local LAN can ping someone on the net, and in your
POSTROUTING stage the packets aren't logged ...

Packets may flow through the actual theory of Prerouting ---> Forward -->
Postrouting and actually not go through the Postrouting stage ...

I found that by using IP aliases and a few modifications to your iptables
script you can achieve a lot of things that are thought to be not
possible .... :D .. hehhe
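
One way to check from the kernel log which packets hit the "icmp SNAT PRE " LOG rule but never the "icmp SNAT POST " one. This is an added example, not part of the original message. The log lines are constructed, and pairing PRE and POST entries on outer SRC plus IP ID is an assumption, as are the names sample_log and pre_without_post.

```shell
#!/bin/sh
# Constructed sample of LOG-target output (addresses are documentation ranges).
# ID=4321 appears only with the PRE prefix; ID=4322 appears with both.
sample_log() {
cat <<'EOF'
Jun 10 22:50:01 fw kernel: icmp SNAT PRE IN=eth1 OUT= SRC=203.0.113.9 DST=198.51.100.2 LEN=56 TTL=63 ID=4321 PROTO=ICMP TYPE=3 CODE=4 [SRC=198.51.100.2 DST=192.0.2.7 LEN=1500 ID=777 PROTO=TCP ] MTU=1400
Jun 10 22:50:02 fw kernel: icmp SNAT PRE IN=eth1 OUT= SRC=203.0.113.9 DST=198.51.100.2 LEN=56 TTL=63 ID=4322 PROTO=ICMP TYPE=3 CODE=4 [SRC=198.51.100.2 DST=192.0.2.7 LEN=1500 ID=778 PROTO=TCP ] MTU=1400
Jun 10 22:50:02 fw kernel: icmp SNAT POST IN= OUT=eth0 SRC=203.0.113.9 DST=172.16.0.10 LEN=56 TTL=62 ID=4322 PROTO=ICMP TYPE=3 CODE=4 [SRC=172.16.0.10 DST=192.0.2.7 LEN=1500 ID=778 PROTO=TCP ] MTU=1400
Jun 10 22:50:03 fw kernel: some unrelated message
EOF
}

# Read log lines on stdin; print "SRC ID=n" for every packet that was logged
# with the PRE prefix but never with the POST prefix.
pre_without_post() {
    awk '
    /icmp SNAT (PRE|POST) / {
        hook = ($0 ~ /icmp SNAT PRE /) ? "PRE" : "POST"
        src = ""; id = ""
        # Take only the first SRC= and ID= fields: the outer IP header.
        # The quoted inner header starts with "[SRC=" and comes later.
        for (i = 1; i <= NF; i++) {
            if (src == "" && $i ~ /^SRC=/) src = substr($i, 5)
            if (id == ""  && $i ~ /^ID=/)  id  = substr($i, 4)
        }
        if (src == "" || id == "") next
        key = src " ID=" id
        if (!(key in seen)) order[++n] = key
        seen[key] = seen[key] hook " "
    }
    END {
        for (j = 1; j <= n; j++) {
            k = order[j]
            if (seen[k] ~ /PRE / && seen[k] !~ /POST /) print k
        }
    }'
}

sample_log | pre_without_post
```

On a live system, feed it the kernel log instead of sample_log, for example `dmesg | pre_without_post`.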







