* Apply rules to 1 UDP port but port used as a socket: possible?
From: zze-Proxy GRALL O ext FTRD/SVA/LAN @ 2004-02-10 13:16 UTC (permalink / raw)
To: netfilter
Hello to IPTables users,
I'm trying to use a socket (on port 1727) to decode some proprietary UDP
packets. When I've decoded them I want to apply a DNAT rule (and then a
SNAT too) to this port using a filter on @IP:port source for all
following packets...
I use libiptc to manage iptables from my application.
My problem is that I can't apply the rule to the packets. They all arrive on
the socket. I think it may be due to connection tracking but I would
like your points of view to be sure.
Is there any solution to do it? For the moment I use v1.2.5a but I'm
installing v1.2.9.
Thanks in advance,
Olivier GRALL.
* Re: Apply rules to 1 UDP port but port used as a socket: possible?
From: Antony Stone @ 2004-02-11 0:25 UTC (permalink / raw)
To: netfilter
On Tuesday 10 February 2004 1:16 pm, zze-Proxy GRALL O ext FTRD/SVA/LAN wrote:
> Hello to IPTables users,
>
> I'm trying to use a socket (on port 1727) to decode some proprietary UDP
> packets. When I've decoded them I want to apply a DNAT rule (and then a
> SNAT too) to this port using a filter on @IP:port source for all
> following packets...
I *think* what you're saying is that you want to receive packets on a socket
bound to port 1727, and *then* you want to NAT the packets (which happens in
the kernel, around about the routing stage, before they're handed over to a
listening socket....).
If this interpretation is correct, then the very least reason why you can't do
what you want is because once the packets have been accepted by a socket,
they're no longer available to netfilter to be NATted, because they've
already been delivered.
Have I misunderstood what you're trying to do? Or are you really trying to
redirect packets after they've arrived at their destination?
Antony.
--
Ramdisk is not an installation procedure.
Please reply to the list;
please don't CC me.
* Re: Apply rules to 1 UDP port but port used as a socket: possible?
From: Alex Satrapa @ 2004-02-11 3:00 UTC (permalink / raw)
To: zze-Proxy GRALL O ext FTRD/SVA/LAN; +Cc: netfilter
zze-Proxy GRALL O ext FTRD/SVA/LAN wrote:
> I'm trying to use a socket (on port 1727) to decode some proprietary UDP
> packets. When I've decoded them I want to apply a DNAT rule (and then a
> SNAT too) to this port using a filter on @IP:port source for all
> following packets…
So do you have Machine F which is the firewall, and machines A, B and C which are the ultimate destinations, and you want to have UDP packets from machine X (elsewhere) being sent to A, B or C by F based on some information in the first packet F receives from a new host X? You could write your "monitor" to set up new rules based on the first packets that arrive, with the remainder being "deflected" by the firewall rules.
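
Added example, not part of any message in this thread: a sketch of the "monitor" approach suggested above, in which a listener on UDP port 1727 decodes the first packet from a new source and builds a DNAT rule so the kernel deflects the rest of that flow. The packet format (`ROUTE <name>`), the `BACKENDS` allowlist and all addresses are constructed assumptions, and it calls the `iptables` and `conntrack` command-line tools rather than libiptc.

```python
import ipaddress
import socket
import subprocess

LISTEN_PORT = 1727  # port named in the thread
# Constructed allowlist for machines A, B and C (RFC 5737 documentation addresses).
BACKENDS = {"A": "192.0.2.10", "B": "192.0.2.11", "C": "192.0.2.12"}

def decode_backend(payload: bytes) -> str:
    """Hypothetical decoder; the real proprietary format is not on the page.
    Constructed format: b"ROUTE <name>" with <name> a key of BACKENDS."""
    tag, name = payload.decode("ascii").split()
    if tag != "ROUTE" or name not in BACKENDS:
        raise ValueError("not a valid routing packet")
    return BACKENDS[name]

def build_commands(src_ip: str, src_port: int, payload: bytes) -> list:
    """Return argv lists (no shell involved) for the flow src_ip:src_port."""
    src_ip = str(ipaddress.IPv4Address(src_ip))
    if not 0 < int(src_port) < 65536:
        raise ValueError("source port out of range")
    dst_ip = decode_backend(payload)
    flow = ["-p", "udp", "-s", src_ip, "--sport", str(src_port),
            "--dport", str(LISTEN_PORT)]
    dnat = ["iptables", "-t", "nat", "-I", "PREROUTING", *flow,
            "-j", "DNAT", "--to-destination", f"{dst_ip}:{LISTEN_PORT}"]
    # nat rules are only consulted for a flow's first packet, which already reached
    # the socket: delete the conntrack entry so the next packet is treated as new.
    flush = ["conntrack", "-D", "-p", "udp", "--orig-src", src_ip,
             "--sport", str(src_port), "--dport", str(LISTEN_PORT)]
    return [dnat, flush]

def monitor(dry_run: bool = True) -> None:
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("0.0.0.0", LISTEN_PORT))
    while True:
        payload, (src_ip, src_port) = sock.recvfrom(2048)
        try:
            commands = build_commands(src_ip, src_port, payload)
        except ValueError:
            continue  # undecodable or unknown target: install nothing
        for argv in commands:
            if dry_run:
                print(" ".join(argv))
            else:
                subprocess.run(argv, check=True)  # needs root

if __name__ == "__main__":
    monitor()
```

UDP source addresses can be spoofed, so the rule target comes from a fixed allowlist rather than from an address carried in the packet.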