port forwarding with one interface to trace traffic?

port forwarding with one interface to trace traffic?

[Rasca]

Hi IP-gurus,

I want to setup a specific port forwarding to trace the
ip traffic between a macos9 and a hp net printer to debug
a spooler problem.

I thought the port forwarding feature of linux/iptables
would be nice to do that. But until now I wasn't able
to get it running ;-(

May be some one can help here. The setup is quite simple.

* one class C net (192.168.10.0)
* a linux box with one interface (eth0), kernel 2.4.24
   and iptables 1.2.9 (192.168.10.156

* macos9 machine with 9.2.x (192.168.10...)

* HP laser printer with network interface (192.168.10.9)

I want to configure the Mac to print to the linux box.
The linux box should do port forwarding to the hp printer.
So I can use "ethereal" or what ever to dump the traffic.

Because it's not a firewall all chains have as default
"accept".

I added the following rule (which seems not to be enough,
cause the printing freezes):

iptables -t nat -A PREROUTING -p tcp --dport 515 \
	-d 192.168.10.156/32 -j DNAT --to-dest 192.168.10.9:515

Any ideas?

thx + cu
  rasca


-- 
_______________________________________________________________
| Triad Berlin Projektgesellschaft mbH | http://www.triad.de/ |

Re: port forwarding with one interface to trace traffic?

[Caracal - G. Hostettler]

Just one silly question:

Do you have a "1" in /proc/sys/net/ipv4/ip_forward ?
If a zero, nothing will go through.

BTW, I never used such a config with only on interface.

I am *not* a guru, but having a mask of /32 instead of /24 seems strange to
me.
What is the mask on your printer and on your Mc ?

GH

----- Original Message ----- 
From: "Rasca" <rasca-ml@triad.de>
To: <netfilter@lists.netfilter.org>
Sent: Wednesday, January 21, 2004 4:45 PM
Subject: port forwarding with one interface to trace traffic?


> Hi IP-gurus,
>
> I want to setup a specific port forwarding to trace the
> ip traffic between a macos9 and a hp net printer to debug
> a spooler problem.
>
> I thought the port forwarding feature of linux/iptables
> would be nice to do that. But until now I wasn't able
> to get it running ;-(
>
> May be some one can help here. The setup is quite simple.
>
> * one class C net (192.168.10.0)
> * a linux box with one interface (eth0), kernel 2.4.24
>    and iptables 1.2.9 (192.168.10.156
>
> * macos9 machine with 9.2.x (192.168.10...)
>
> * HP laser printer with network interface (192.168.10.9)
>
> I want to configure the Mac to print to the linux box.
> The linux box should do port forwarding to the hp printer.
> So I can use "ethereal" or what ever to dump the traffic.
>
> Because it's not a firewall all chains have as default
> "accept".
>
> I added the following rule (which seems not to be enough,
> cause the printing freezes):
>
> iptables -t nat -A PREROUTING -p tcp --dport 515 \
> -d 192.168.10.156/32 -j DNAT --to-dest 192.168.10.9:515
>
> Any ideas?
>
> thx + cu
>   rasca
>
>
> -- 
> _______________________________________________________________
> | Triad Berlin Projektgesellschaft mbH | http://www.triad.de/ |
>
>

Re: port forwarding with one interface to trace traffic?

[Rasca]

Hi,

Caracal - G. Hostettler schrieb:
> Just one silly question:
> 
> Do you have a "1" in /proc/sys/net/ipv4/ip_forward ?
> If a zero, nothing will go through.

yep, of course it's setup to "1".

> BTW, I never used such a config with only on interface.

may be it's not possible, or the setup for only one
interface is more complicated!?

> I am *not* a guru, but having a mask of /32 instead of /24 seems strange to
> me.

as long as I know it means no subnet, just the IP for
the host..

> What is the mask on your printer and on your Mc ?

class C (255.255.255.0)

cu
  rasca

>>
>>I want to setup a specific port forwarding to trace the
>>ip traffic between a macos9 and a hp net printer to debug
>>a spooler problem.
>>
>>I thought the port forwarding feature of linux/iptables
>>would be nice to do that. But until now I wasn't able
>>to get it running ;-(
>>
>>May be some one can help here. The setup is quite simple.
>>
>>* one class C net (192.168.10.0)
>>* a linux box with one interface (eth0), kernel 2.4.24
>>   and iptables 1.2.9 (192.168.10.156
>>
>>* macos9 machine with 9.2.x (192.168.10...)
>>
>>* HP laser printer with network interface (192.168.10.9)
>>
>>I want to configure the Mac to print to the linux box.
>>The linux box should do port forwarding to the hp printer.
>>So I can use "ethereal" or what ever to dump the traffic.
>>
>>Because it's not a firewall all chains have as default
>>"accept".
>>
>>I added the following rule (which seems not to be enough,
>>cause the printing freezes):
>>
>>iptables -t nat -A PREROUTING -p tcp --dport 515 \
>>-d 192.168.10.156/32 -j DNAT --to-dest 192.168.10.9:515
>>
>>Any ideas?
>>
>>thx + cu
>>  rasca
>>
>>
>>-- 
>>_______________________________________________________________
>>| Triad Berlin Projektgesellschaft mbH | http://www.triad.de/ |
>>
>>
> 
> 


-- 
_______________________________________________________________
| Triad Berlin Projektgesellschaft mbH | http://www.triad.de/ |

Re: port forwarding with one interface to trace traffic?

[Antony Stone]

On Wednesday 21 January 2004 3:45 pm, Rasca wrote:

> Hi IP-gurus,
>
> May be some one can help here. The setup is quite simple.
>
> * one class C net (192.168.10.0)
> * a linux box with one interface (eth0), kernel 2.4.24
>    and iptables 1.2.9 (192.168.10.156
>
> * macos9 machine with 9.2.x (192.168.10...)
>
> * HP laser printer with network interface (192.168.10.9)
>
> I want to configure the Mac to print to the linux box.
> The linux box should do port forwarding to the hp printer.
> So I can use "ethereal" or what ever to dump the traffic.

Your problem with this is a simple networking one, nothing specific to 
netfilter.

Here's a description of where the packets go in your setup:

1. Mac sends to 192.168.10.156
2. Netfilter translates destination address and packet goes to printer at 
192.168.10.9
3. Printer replies to Mac (because source address remains unchanged).

Therefore the Mac is unhappy and upset, because it sent to 192.168.10.156, and 
got a reply from 192.168.109.9.

TCP doesn't allow that, therefore printing doesn't work.

Your solutions?

1. Add second interface to the firewall, and make sure the client and server 
are on opposite sides of it, so that packets in both directions have to go 
through the netfilter machine (which will then perform the reverse NAT in the 
opposite direction)

2. Perform SNAT as well as DNAT on the netfilter system so that the Mac think 
it's printing to the netfilter box (which does DNAT so the packets get sent 
to the printer, but also does SNAT so the printer replies back to netfilter, 
and reverse NAT can then successfully send the replies back to the Mac)

3. Connect a hub (not a switch) to the printer's ethernet cable (or to the 
Mac's ethernet cable), and plug the Linux machine running ethereal into the 
hub, so you can sniff the packets off the wire without any NAT.

My recommendation would be for option 3, because it makes the least change to 
your existing network setup and ensures you can investigate the problem 
without doing something which may affect packet routing etc (which could turn 
out to be the cause you are looking for).

Regards,

Antony.

-- 
This email is intended for the use of the individual addressee(s) named above 
and may contain information that is confidential, privileged or unsuitable 
for overly sensitive persons with low self-esteem, no sense of humour, or 
irrational religious beliefs.

If you have received this email in error, you are required to shred it 
immediately, add some nutmeg, three egg whites and a dessertspoonful of 
caster sugar.   Whisk until soft peaks form, then place in a warm oven for 40 
minutes.   Remove promptly and let stand for 2 hours before adding some 
decorative kiwi fruit and cream.   Then notify me immediately by return email 
and eat the original message.

                                                     Please reply to the list;
                                                           please don't CC me.

Re: port forwarding with one interface to trace traffic?

[Jeffrey Laramie]

>
>3. Connect a hub (not a switch) to the printer's ethernet cable (or to the 
>Mac's ethernet cable), and plug the Linux machine running ethereal into the 
>hub, so you can sniff the packets off the wire without any NAT.
>  
>

Hi Antony

This is dangerously OT, but what's the difference? I always thought that 
the difference between a switch and a hub was simply a matter of 
internal plumbing that affected how the pipes were connected and had no 
effect on the actual tcp/ip connections. I've used them interchangeably 
and haven't seen a difference. Maybe someone has a link that could 
educate me more better! :-)

Jeff

Re: port forwarding with one interface to trace traffic?

[Rasca]

Hi,

Jeffrey Laramie schrieb:
> 
>>
>> 3. Connect a hub (not a switch) to the printer's ethernet cable (or to 
>> the Mac's ethernet cable), and plug the Linux machine running ethereal 
>> into the hub, so you can sniff the packets off the wire without any NAT.
>>  
>>
> 
> This is dangerously OT, but what's the difference? I always thought that 
> the difference between a switch and a hub was simply a matter of 
> internal plumbing that affected how the pipes were connected and had no 
> effect on the actual tcp/ip connections. I've used them interchangeably 
> and haven't seen a difference. Maybe someone has a link that could 
> educate me more better! :-)

A "hub" broadcasts all packets to all port. And yes - that was
the way I choosed, cause it's more simple to setup (I found an
old hub..) and it's working.

thx to Antony.

cu
  rasca

-- 
_______________________________________________________________
| Triad Berlin Projektgesellschaft mbH | http://www.triad.de/ |

PPTP and GRE

[Jan Kaastrup]

Hi list

I am running poptop on kernel 2.4.23.
I need the patch, that makes it possible for GRE to do NAT

I remember i have done it before, but not how :) 
In my ip_conntrack the gre protocol stands as "UNKNOWN", and remember i
have seen it says "gre".

Any help will be appriciated

Thanks a lot.

RE: port forwarding with one interface to trace traffic?

[Piers Finlayson]

Also be warned that many "hubs" on the market are actually switches.  I find
this terribly annoying.

Cheers,
Piers

-----Original Message-----
From: Rasca [mailto:rasca-ml@triad.de]
Sent: 22 January 2004 13:37
To: Jeffrey Laramie
Cc: netfilter@lists.netfilter.org
Subject: Re: port forwarding with one interface to trace traffic?


Hi,

Jeffrey Laramie schrieb:
> 
>>
>> 3. Connect a hub (not a switch) to the printer's ethernet cable (or to 
>> the Mac's ethernet cable), and plug the Linux machine running ethereal 
>> into the hub, so you can sniff the packets off the wire without any NAT.
>>  
>>
> 
> This is dangerously OT, but what's the difference? I always thought that 
> the difference between a switch and a hub was simply a matter of 
> internal plumbing that affected how the pipes were connected and had no 
> effect on the actual tcp/ip connections. I've used them interchangeably 
> and haven't seen a difference. Maybe someone has a link that could 
> educate me more better! :-)

A "hub" broadcasts all packets to all port. And yes - that was
the way I choosed, cause it's more simple to setup (I found an
old hub..) and it's working.

thx to Antony.

cu
  rasca

-- 
_______________________________________________________________
| Triad Berlin Projektgesellschaft mbH | http://www.triad.de/ |