Linux Netfilter discussions
* How to "catch" FORWARD packets in POSTROUTING chain?
@ 2004-08-16  1:57 Marcin Sura
  2004-08-16  2:25 ` George Alexandru Dragoi
  0 siblings, 1 reply; 3+ messages in thread
From: Marcin Sura @ 2004-08-16  1:57 UTC (permalink / raw)
  To: netfilter

Hello


     I have a LAN (10.0.0.0/8) and a server (10.1.1.1 for the LAN, dynamic IP
     from my ISP). I use MASQUERADE to allow LAN computers to connect to the
     internet. eth0 connects to the LAN, ppp0 for internet.

     All traffic LAN <--> internet passes through the FORWARD chain. How
     can I "catch" this traffic in the POSTROUTING chain?

-- 
Pozdrawiam
 Marcin                         mailto:slacklist@op.pl




* RE: How to "catch" FORWARD packets in POSTROUTING chain?
@ 2004-08-16  2:23 Jason Opperisano
  0 siblings, 0 replies; 3+ messages in thread
From: Jason Opperisano @ 2004-08-16  2:23 UTC (permalink / raw)
  To: netfilter

>      I have a LAN (10.0.0.0/8) and a server (10.1.1.1 for the LAN, dynamic IP
>      from my ISP). I use MASQUERADE to allow LAN computers to connect to the
>      internet. eth0 connects to the LAN, ppp0 for internet.
>
>      All traffic LAN <--> internet passes through the FORWARD chain. How
>      can I "catch" this traffic in the POSTROUTING chain?

Define "catch."  You could say that you are already "catching" the traffic with your MASQUERADE rule--as it would have to be in the POSTROUTING chain of the NAT table...  Maybe you want to log the traffic before it gets MASQ'ed?  Then:

	iptables -t nat -I POSTROUTING -o $EXT_IF -j LOG

Or are you trying to do something else?  Maybe the POSTROUTING chain of the MANGLE table?

	iptables -t mangle -I POSTROUTING -o $EXT_IF -j crunch_n_munch

-j



* Re: How to "catch" FORWARD packets in POSTROUTING chain?
  2004-08-16  1:57 How to "catch" FORWARD packets in POSTROUTING chain? Marcin Sura
@ 2004-08-16  2:25 ` George Alexandru Dragoi
  0 siblings, 0 replies; 3+ messages in thread
From: George Alexandru Dragoi @ 2004-08-16  2:25 UTC (permalink / raw)
  To: netfilter

As long as you can "catch" it in FORWARD, I see no reason to catch it
in POSTROUTING, but if you still want this, try this:

	iptables -t mangle -A FORWARD -j MARK --set-mark 0x1
	iptables -t nat -A POSTROUTING -m mark --mark 0x1 .... do stuff


On Mon, 16 Aug 2004 03:57:59 +0200, Marcin Sura <slacklist@op.pl> wrote:
> Hello
> 
>      I have a LAN (10.0.0.0/8) and a server (10.1.1.1 for the LAN, dynamic IP
>      from my ISP). I use MASQUERADE to allow LAN computers to connect to the
>      internet. eth0 connects to the LAN, ppp0 for internet.
> 
>      All traffic LAN <--> internet passes through the FORWARD chain. How
>      can I "catch" this traffic in the POSTROUTING chain?
> 
> --
> Pozdrawiam
>  Marcin                         mailto:slacklist@op.pl
> 
> 


-- 
Bla bla

