* Misconfigured or REDIRECT is not rewriting packages properly.
From: Lennart A. Hansen @ 2005-02-01 10:08 UTC (permalink / raw)
To: netfilter
Hey all.
I'm experiencing problems with IPTables and REDIRECTING. When I search
around I find similar problems but no answers; I would be grateful if
anyone could shed some light on this one.
It's like iptables doesn't quite work when it comes to keeping track of
everything.
If I try a simple redirect to my webserver on the same host, port 5025
-> 80 with
# iptables -t nat -A PREROUTING -p tcp --dport 5025 -j REDIRECT --to-port 80
I would imagine this would do it
I can contact the webserver "fine" (http://pxysrv:5025)
apache access.log:
10.0.0.205 - - [01/Feb/2005:10:37:20 +0100] "GET / HTTP/1.1" 302 1084 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; da-DK; rv:1.7.5) Gecko/20041118 Firefox/1.0"
But I do not get any reply from the server, but actually I do, it's
messed up. When I'm sniffing the LAN, I can see that it keeps resending
with incorrect CHECKSUM, this is really weird I think.
And the browser returns "Document Contains no data".
Some info:
uname -a:
Linux npxysrv 2.6.9-gentoo-r14 #1 Tue Feb 1 09:53:40 CET 2005 i686 AMD Athlon(tm) XP 1700+ AuthenticAMD GNU/Linux
(Have also tried with kernel 2.6.10)
Kernel Config:
#
# Networking options
#
CONFIG_PACKET=y
# CONFIG_PACKET_MMAP is not set
# CONFIG_NETLINK_DEV is not set
CONFIG_UNIX=y
# CONFIG_NET_KEY is not set
CONFIG_INET=y
CONFIG_IP_MULTICAST=y
# CONFIG_IP_ADVANCED_ROUTER is not set
# CONFIG_IP_PNP is not set
# CONFIG_NET_IPIP is not set
# CONFIG_NET_IPGRE is not set
# CONFIG_IP_MROUTE is not set
# CONFIG_ARPD is not set
# CONFIG_SYN_COOKIES is not set
# CONFIG_INET_AH is not set
# CONFIG_INET_ESP is not set
# CONFIG_INET_IPCOMP is not set
# CONFIG_INET_TUNNEL is not set
#
# IP: Virtual Server Configuration
#
# CONFIG_IP_VS is not set
# CONFIG_IPV6 is not set
CONFIG_NETFILTER=y
# CONFIG_NETFILTER_DEBUG is not set
CONFIG_BRIDGE_NETFILTER=y
#
# IP: Netfilter Configuration
#
CONFIG_IP_NF_CONNTRACK=y
# CONFIG_IP_NF_CT_ACCT is not set
# CONFIG_IP_NF_CT_PROTO_SCTP is not set
# CONFIG_IP_NF_FTP is not set
# CONFIG_IP_NF_IRC is not set
# CONFIG_IP_NF_TFTP is not set
# CONFIG_IP_NF_AMANDA is not set
CONFIG_IP_NF_QUEUE=y
CONFIG_IP_NF_IPTABLES=y
CONFIG_IP_NF_MATCH_LIMIT=y
CONFIG_IP_NF_MATCH_IPRANGE=y
CONFIG_IP_NF_MATCH_MAC=y
CONFIG_IP_NF_MATCH_PKTTYPE=y
CONFIG_IP_NF_MATCH_MARK=y
CONFIG_IP_NF_MATCH_MULTIPORT=y
CONFIG_IP_NF_MATCH_TOS=y
CONFIG_IP_NF_MATCH_RECENT=y
CONFIG_IP_NF_MATCH_ECN=y
CONFIG_IP_NF_MATCH_DSCP=y
CONFIG_IP_NF_MATCH_AH_ESP=y
CONFIG_IP_NF_MATCH_LENGTH=y
CONFIG_IP_NF_MATCH_TTL=y
CONFIG_IP_NF_MATCH_TCPMSS=y
CONFIG_IP_NF_MATCH_HELPER=y
CONFIG_IP_NF_MATCH_STATE=y
CONFIG_IP_NF_MATCH_CONNTRACK=y
CONFIG_IP_NF_MATCH_OWNER=y
# CONFIG_IP_NF_MATCH_PHYSDEV is not set
# CONFIG_IP_NF_MATCH_ADDRTYPE is not set
# CONFIG_IP_NF_MATCH_REALM is not set
# CONFIG_IP_NF_MATCH_SCTP is not set
# CONFIG_IP_NF_MATCH_COMMENT is not set
CONFIG_IP_NF_FILTER=y
CONFIG_IP_NF_TARGET_REJECT=y
CONFIG_IP_NF_TARGET_LOG=y
CONFIG_IP_NF_TARGET_ULOG=y
CONFIG_IP_NF_TARGET_TCPMSS=y
CONFIG_IP_NF_NAT=y
CONFIG_IP_NF_NAT_NEEDED=y
CONFIG_IP_NF_TARGET_MASQUERADE=y
CONFIG_IP_NF_TARGET_REDIRECT=y
CONFIG_IP_NF_TARGET_NETMAP=y
CONFIG_IP_NF_TARGET_SAME=y
# CONFIG_IP_NF_NAT_LOCAL is not set
# CONFIG_IP_NF_NAT_SNMP_BASIC is not set
CONFIG_IP_NF_MANGLE=y
CONFIG_IP_NF_TARGET_TOS=y
CONFIG_IP_NF_TARGET_ECN=y
CONFIG_IP_NF_TARGET_DSCP=y
CONFIG_IP_NF_TARGET_MARK=y
CONFIG_IP_NF_TARGET_CLASSIFY=y
CONFIG_IP_NF_RAW=m
CONFIG_IP_NF_TARGET_NOTRACK=m
CONFIG_IP_NF_ARPTABLES=y
CONFIG_IP_NF_ARPFILTER=y
CONFIG_IP_NF_ARP_MANGLE=y
#
# Bridge: Netfilter Configuration
#
CONFIG_BRIDGE_NF_EBTABLES=y
CONFIG_BRIDGE_EBT_BROUTE=y
CONFIG_BRIDGE_EBT_T_FILTER=y
CONFIG_BRIDGE_EBT_T_NAT=y
CONFIG_BRIDGE_EBT_802_3=y
CONFIG_BRIDGE_EBT_AMONG=y
CONFIG_BRIDGE_EBT_ARP=y
CONFIG_BRIDGE_EBT_IP=y
CONFIG_BRIDGE_EBT_LIMIT=y
CONFIG_BRIDGE_EBT_MARK=y
CONFIG_BRIDGE_EBT_PKTTYPE=y
CONFIG_BRIDGE_EBT_STP=y
CONFIG_BRIDGE_EBT_VLAN=y
CONFIG_BRIDGE_EBT_ARPREPLY=y
CONFIG_BRIDGE_EBT_DNAT=y
CONFIG_BRIDGE_EBT_MARK_T=y
CONFIG_BRIDGE_EBT_REDIRECT=y
CONFIG_BRIDGE_EBT_SNAT=y
CONFIG_BRIDGE_EBT_LOG=y
root@npxysrv root # iptables -t nat -vnxL
Chain PREROUTING (policy ACCEPT 505092 packets, 30873147 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       3        144 REDIRECT   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:5025 redir ports 80
And attached is the sniff dump (libcap).
All help is appreciated. Thanks in advance.
-Lennart
[-- Attachment #2: redirect.dump --]
[-- Type: application/octet-stream, Size: 15492 bytes --]
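Added example, not part of the original post: the TCP checksum covers the port fields, so any NAT rewrite such as 5025 -> 80 has to update it, and a capture can be checked the same way. The Python sketch below builds a constructed segment, rewrites the destination port with and without the RFC 1624 incremental update, and validates each result; the server address 10.0.0.1 and source port 40000 are assumptions.

```python
import socket
import struct

def fold(total: int) -> int:
    """Fold carries back into 16 bits (one's-complement addition)."""
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def tcp_checksum(src: str, dst: str, seg: bytes) -> int:
    """RFC 793 checksum over the IPv4 pseudo-header plus the TCP segment."""
    data = socket.inet_aton(src) + socket.inet_aton(dst)
    data += struct.pack("!BBH", 0, socket.IPPROTO_TCP, len(seg)) + seg
    if len(data) % 2:
        data += b"\x00"
    return ~fold(sum(struct.unpack(f"!{len(data) // 2}H", data))) & 0xFFFF

def build_syn(src: str, dst: str, sport: int, dport: int) -> bytes:
    """Constructed 20-byte SYN with a correct checksum (sample data)."""
    hdr = struct.pack("!HHIIBBHHH", sport, dport, 1000, 0, 5 << 4, 0x02, 65535, 0, 0)
    return hdr[:16] + struct.pack("!H", tcp_checksum(src, dst, hdr)) + hdr[18:]

def checksum_ok(src: str, dst: str, seg: bytes) -> bool:
    # A segment carrying a valid checksum sums to 0xFFFF, so the complement is 0.
    return tcp_checksum(src, dst, seg) == 0

def rewrite_dport(seg: bytes, new_port: int, fix_checksum: bool) -> bytes:
    """Change the destination port; optionally patch the checksum (RFC 1624, eqn. 3)."""
    old_port, = struct.unpack("!H", seg[2:4])
    csum, = struct.unpack("!H", seg[16:18])
    if fix_checksum:
        csum = ~fold((~csum & 0xFFFF) + (~old_port & 0xFFFF) + new_port) & 0xFFFF
    return seg[:2] + struct.pack("!H", new_port) + seg[4:16] + struct.pack("!H", csum) + seg[18:]

def demo():
    client, server = "10.0.0.205", "10.0.0.1"     # server address is an assumption
    syn = build_syn(client, server, 40000, 5025)  # source port is constructed
    stale = rewrite_dport(syn, 80, fix_checksum=False)
    fixed = rewrite_dport(syn, 80, fix_checksum=True)
    return (checksum_ok(client, server, syn),
            checksum_ok(client, server, stale),
            checksum_ok(client, server, fixed))

if __name__ == "__main__":
    print(demo())
```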