Not seeing injected packets traversing iptables

Linux Netfilter discussions
 help / color / mirror / Atom feed

From: "JOSE MIGUEL MARTINEZ" <txemi2@clientes.euskaltel.es>
To: netfilter@lists.netfilter.org, txemi2@euskalnet.net
Subject: Not seeing injected packets traversing iptables
Date: Thu, 01 Jul 2004 14:03:21 +0200	[thread overview]
Message-ID: <e62310192.10192e623@euskalnet.net> (raw)

I am injecting packets in a network. I can see this packets from 
libpcap 
from several machines so the packets are there. The machine supposed 
to receive 
the packets can see them too in a tcpdump. Besides it answers to some 
of them 
(syn/ack if I inject tcp syncs) so packets are arriving. The tools I 
use to inject 
packets are packit, nemesis and others home-made over libnet. The 
problem is that 
in spite of packets being received they does not seem to enter 
iptables as I cannot 
LOG or ULOG them in destination machine. This does not happen with 
convencional traffic as pings or tcp connections that can be logged 
normally. 
It seems to be a problem related to "artificially" injected traffic 
not reaching iptables. 
¿Is conttrack or some part of iptables realising this packets are not 
legal enough to reach 
iptables? 

logging rule is quite simple 

root@bipt08:~# iptables-save 
# Generated by iptables-save v1.2.9 on Thu Jul  1 13:58:09 2004 
*nat 
:PREROUTING ACCEPT [737:65375] 
:POSTROUTING ACCEPT [1962:84481] 
:OUTPUT ACCEPT [1962:84481] 
-A PREROUTING -i eth1 -j ULOG --ulog-prefix "catch it please" 
COMMIT 
# Completed on Thu Jul  1 13:58:09 2004 
# Generated by iptables-save v1.2.9 on Thu Jul  1 13:58:09 2004 
*filter 
:INPUT ACCEPT [31481:4480745] 
:FORWARD ACCEPT [0:0] 
:OUTPUT ACCEPT [37288:10900591] 
COMMIT 
# Completed on Thu Jul  1 13:58:09 2004 
# Generated by iptables-save v1.2.9 on Thu Jul  1 13:58:09 2004 
*mangle 
:PREROUTING ACCEPT [31500:4483968] 
:INPUT ACCEPT [31482:4480797] 
:FORWARD ACCEPT [0:0] 
:OUTPUT ACCEPT [37289:10900787] 
:POSTROUTING ACCEPT [37289:10900787] 
COMMIT 
# Completed on Thu Jul  1 13:58:09 2004 

--  
 ______________________________ 
< hola, soy una firma horrible > 
 ------------------------------ 
        \   ^__^ 
         \  (oo)\_______ 
            (__)\       )\/\ 
                ||----w | 
                ||     || 

mail: txemi <txemi2@euskalnet.net> 
web: http://txemi.webhop.org 
mirror: http://txemi2.webhop.org

next             reply	other threads:[~2004-07-01 12:03 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2004-07-01 12:03 JOSE MIGUEL MARTINEZ [this message]
2004-07-04 13:15 ` Not seeing injected packets traversing iptables Antony Stone

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=e62310192.10192e623@euskalnet.net \
    --to=txemi2@clientes.euskaltel.es \
    --cc=netfilter@lists.netfilter.org \
    --cc=txemi2@euskalnet.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox