Linux Netfilter discussions
From: "Eric B." <ebenze@hotmail.com>
To: netfilter@vger.kernel.org
Subject: Re: Packets not traversing the POSTROUTING table?
Date: Tue, 8 Apr 2008 07:42:17 -0400
Message-ID: <ftflon$5ns$1@ger.gmane.org>
In-Reply-To: alpine.LNX.1.10.0804081121460.17722@fbirervta.pbzchgretzou.qr

"Jan Engelhardt" <jengelh@computergmbh.de> wrote in message
news:alpine.LNX.1.10.0804081121460.17722@fbirervta.pbzchgretzou.qr...
>
>>From what someone on the comp.os.linux.networking group told me, only the
>>nat tables only see the first new packet of every connection,[...]
>
> Yes, the _first_ packet. But an ICMP reply (it also applies to TCP SYN ACK)
> is not the first(*). See the output of the LOGMARK target on
> -t mangle -A POSTROUTING -p icmp -d <desktop>:
>
> Apr  8 11:15:31 sovereign kernel: [1415558.389017] hook=POSTROUTING nfmark=0x0
> secmark=0x0 classify=0x0 ctdir=REPLY ct=0xffff81007674c380 ctmark=0x0
> ctstate=ESTABLISHED ctstatus=SEEN_REPLY,CONFIRMED
>
> Do you see "ctstate=NEW" anywhere? I don't! :-)

Sorry, but what is the LOGMARK target?  I can't seem to find that target
anywhere in the docs or the man pages.  I've seen the LOG target and the
MARK target, but not sure what the LOGMARK target is.  Furthermore, how did
you manage to get that log output from the POSTROUTING table, if the
response packet doesn't traverse it?

I'm assuming you are using some advanced debugging features?  Where can I
find out more about those?

Thanks!

Eric
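
Added example (not part of either poster's message, and not netfilter project code): a small Python parser for the LOGMARK-style entry quoted above. It strips the quote markers, rejoins the mail-wrapped record, and flags whether the packet's ctstate is NEW, which per the quoted explanation is the only case in which nat-table rules are evaluated. The second log entry and all function names are constructed for illustration.

```python
import re

# First record: the log entry quoted in the message, in mail-wrapped form.
# Second record: CONSTRUCTED sample of what a connection-opening packet could log.
QUOTED = """\
> Apr  8 11:15:31 sovereign kernel: [1415558.389017] hook=POSTROUTING
> nfmark=0x0
> secmark=0x0 classify=0x0 ctdir=REPLY ct=0xffff81007674c380 ctmark=0x0
> ctstate=ESTABLISHED ctstatus=SEEN_REPLY,CONFIRMED
> Apr  8 11:15:30 sovereign kernel: [1415557.100000] hook=POSTROUTING
> nfmark=0x0 secmark=0x0 classify=0x0 ctdir=ORIGINAL ct=0xffff81007674c380
> ctmark=0x0 ctstate=NEW ctstatus=
"""

STAMP = re.compile(r"^[A-Z][a-z]{2}\s+\d+\s[\d:]{8}\s")  # syslog timestamp opens a record
FIELD = re.compile(r"(\w+)=(\S*)")                       # key=value pairs in the record

def unwrap(text):
    """Strip '>' quote markers and rejoin records that the mailer wrapped."""
    records = []
    for line in text.splitlines():
        line = re.sub(r"^(>\s?)+", "", line).strip()
        if not line:
            continue
        if STAMP.match(line) or not records:
            records.append(line)          # a timestamp starts a new record
        else:
            records[-1] += " " + line     # continuation of the previous record
    return records

def parse(record):
    """Return the key=value fields of one record; ctstatus becomes a list."""
    fields = dict(FIELD.findall(record))
    fields["ctstatus"] = [s for s in fields.get("ctstatus", "").split(",") if s]
    return fields

def nat_rules_consulted(fields):
    # Assumption taken from the quoted explanation: nat-table rules are
    # evaluated only for the packet that opens a connection (ctstate=NEW).
    return fields.get("ctstate") == "NEW"

def summarize(text):
    """One (hook, ctdir, ctstate, nat_rules_consulted) tuple per record."""
    return [(f["hook"], f["ctdir"], f["ctstate"], nat_rules_consulted(f))
            for f in map(parse, unwrap(text))]

if __name__ == "__main__":
    for row in summarize(QUOTED):
        print(row)
```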






