* How to "catch" FORWARD packets in POSTROUTING chain?
@ 2004-08-16 1:57 Marcin Sura
2004-08-16 2:25 ` George Alexandru Dragoi
0 siblings, 1 reply; 3+ messages in thread
From: Marcin Sura @ 2004-08-16 1:57 UTC (permalink / raw)
To: netfilter
Hello
I have lan (10.0.0.0/8) and server (10.1.1.1 for lan, dynamic ip
from my ISP). I use MASQUERADE to allow lan computer connects to
internet. eth0 connects to lan, ppp0 for internet.
All traffic lan <--> internet passes through FORWARD chain. How
can I "catch" this traffic in POSTROUTING chain?
--
Pozdrawiam
Marcin mailto:slacklist@op.pl
^ permalink raw reply [flat|nested] 3+ messages in thread* Re: How to "catch" FORWARD packets in POSTROUTING chain?
2004-08-16 1:57 How to "catch" FORWARD packets in POSTROUTING chain? Marcin Sura
@ 2004-08-16 2:25 ` George Alexandru Dragoi
0 siblings, 0 replies; 3+ messages in thread
From: George Alexandru Dragoi @ 2004-08-16 2:25 UTC (permalink / raw)
To: netfilter
As long as you can "catch" it in FORWARD, i see no reason to catch it
in POSTROUTING, but if you still want this, try that
iptables -t mangle -A FORWARD -j MARK --set-mark 0x1
iptables -t nat -A POSTROUTING -m mark --mark 0x1 .... do stuff
On Mon, 16 Aug 2004 03:57:59 +0200, Marcin Sura <slacklist@op.pl> wrote:
> Hello
>
> I have lan (10.0.0.0/8) and server (10.1.1.1 for lan, dynamic ip
> from my ISP). I use MASQUERADE to allow lan computer connects to
> internet. eth0 connects to lan, ppp0 for internet.
>
> All traffic lan <--> internet passes through FORWARD chain. How
> can I "catch" this traffic in POSTROUTING chain?
>
> --
> Pozdrawiam
> Marcin mailto:slacklist@op.pl
>
>
--
Bla bla
^ permalink raw reply [flat|nested] 3+ messages in thread
* RE: How to "catch" FORWARD packets in POSTROUTING chain?
@ 2004-08-16 2:23 Jason Opperisano
0 siblings, 0 replies; 3+ messages in thread
From: Jason Opperisano @ 2004-08-16 2:23 UTC (permalink / raw)
To: netfilter
> I have lan (10.0.0.0/8) and server (10.1.1.1 for lan, dynamic ip
> from my ISP). I use MASQUERADE to allow lan computer connects to
> internet. eth0 connects to lan, ppp0 for internet.
>
> All traffic lan <--> internet passes through FORWARD chain. How
> can I "catch" this traffic in POSTROUTING chain?
define "catch." you could say that you are already "catching" the traffic with your MASQUERADE rule--as it would have to be in the POSTROUTING chain of the NAT table... maybe you want to log the traffic before it gets MASQ'ed? then:
iptables -t nat -I POSTROUTING -o $EXT_IF -j LOG
Or are you trying to do something else? Maybe the POSTROUTING chain of the MANGLE table?
iptables -t mangle -I POSTROUTING -o $EXT_IF -j crunch_n_munch
-j
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2004-08-16 2:25 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2004-08-16 1:57 How to "catch" FORWARD packets in POSTROUTING chain? Marcin Sura
2004-08-16 2:25 ` George Alexandru Dragoi
-- strict thread matches above, loose matches on Subject: below --
2004-08-16 2:23 Jason Opperisano
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox