Now I have put the good rule
iptables -A FORWARD -d 192.168.0.0/255.255.255.0 -p tcp --tcp-flags SYN SYN -j QUEUE
A is connected on B but with its own IP addr instead of the GW_Netfilter addr.
The iptables -t nat -A POSTROUTING -j MASQUERADE seems to be ignored.
Just another (important) piece of information:
I use the GW_netfilter eth0:0 device to go on network 192.168.0.0
and the eth0:0 device on B so that
A, GW and B are all on the 192.168 network but only GW and B are on the 192.168 one !
                 192.168.76
 .______________.___________________________.
 |              |                           |
 |              |                           |
 |             eth0                        eth0
 |              |                           |
 A              GW                          B
                |                           |
              eth0:0------192.168.0------eth0:0

is a better schema !
François
On Mon, 10 Jun 2002 18:19:23 +0200
Francois Chenais <[EMAIL PROTECTED]> wrote:
| Hello,
|
|
|
|       192.168.76.0                   192.168.0.0
|  A --------------> GW_Netfilter --------------------> B
|                      \    /
|                      QUEUE
|                        \
|                       user APP
|
|
|
| In fact, I would like to redirect all SYN packets coming from A to B
| to the QUEUE target for a user space check.
|
| Here is what I've done, but it doesn't work ! :-|
|
| on A
| -----
| route add -net 192.168.0.0 gw GW_Netfilter netmask 255.255.255.0
|
|
| on GW_Netfilter
| ---------------
| echo 1 > /proc/sys/net/ipv4/ip_forward
| iptables -t nat -A POSTROUTING -j MASQUERADE
| iptables -A FORWARD -d 192.160.0.0/255.255.255.0 -p tcp --tcp-flags SYN SYN -j QUEUE
| iptables -A INPUT -d 192.160.0.0/255.255.255.0 -p tcp --tcp-flags SYN SYN -j QUEUE
|
|
| user APP connected on hook 1 on the ip_queue
| ---------------------------------------------
|
|
| What's wrong ?
|
| Thanks a lot
|
| François
|
| --
| Woody 3.0
| Linux tanna 2.4.14 #3 SMP Thu Dec 6 14:04:03 CET 2001 i686 unknown
|
| PGP fingerprint : 9AFA 15EC 96C9 F607 EBC1 DD41 70C5 F0E0 25A5 105B
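
The match performed by the FORWARD rule in this thread (-d 192.168.0.0/255.255.255.0 -p tcp --tcp-flags SYN SYN), followed by a first classification a user-space check could apply to a queued packet. This is an added example, not code from the thread; the function names, result codes and sample addresses are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NET     0xC0A80000u   /* 192.168.0.0, destination network in the rule */
#define MASK    0xFFFFFF00u   /* 255.255.255.0 */
#define TCP_SYN 0x02
#define TCP_ACK 0x10

/* Hypothetical result codes for this example (not libipq constants). */
enum cls { NOT_QUEUED, NEW_SYN, SYN_ACK, SYN_OTHER };

static uint32_t be32(const uint8_t *p) {
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
}

/* Classify a raw IPv4 packet as the FORWARD rule sees it. At FORWARD the source
 * is still the sender's address; MASQUERADE rewrites it later, in POSTROUTING. */
enum cls classify(const uint8_t *pkt, size_t len) {
    if (len < 20 || (pkt[0] >> 4) != 4) return NOT_QUEUED;
    size_t ihl = (size_t)(pkt[0] & 0x0F) * 4;
    if (ihl < 20 || len < ihl + 20) return NOT_QUEUED;          /* truncated headers */
    if (pkt[9] != 6) return NOT_QUEUED;                          /* -p tcp */
    if (((pkt[6] & 0x1F) << 8 | pkt[7]) != 0) return NOT_QUEUED; /* later fragment */
    if ((be32(pkt + 16) & MASK) != NET) return NOT_QUEUED;       /* -d 192.168.0.0/24 */
    uint8_t flags = pkt[ihl + 13];
    if (!(flags & TCP_SYN)) return NOT_QUEUED;                   /* --tcp-flags SYN SYN */
    if ((flags & 0x3F) == TCP_SYN) return NEW_SYN;               /* connection attempt */
    if ((flags & 0x3F) == (TCP_SYN | TCP_ACK)) return SYN_ACK;   /* also matches the rule */
    return SYN_OTHER;                                            /* e.g. SYN+FIN, SYN+RST */
}

/* Constructed sample: minimal 40-byte IPv4+TCP packet (checksums left zero). */
size_t sample_pkt(uint8_t *buf, uint32_t src, uint32_t dst, uint8_t flags) {
    memset(buf, 0, 40);
    buf[0] = 0x45; buf[3] = 40; buf[8] = 64; buf[9] = 6;
    for (int i = 0; i < 4; i++) {
        buf[12 + i] = (uint8_t)(src >> (24 - 8 * i));
        buf[16 + i] = (uint8_t)(dst >> (24 - 8 * i));
    }
    buf[32] = 0x50; buf[33] = flags;   /* TCP data offset 5 words, then flags */
    return 40;
}

int main(void) {
    uint8_t p[40];   /* constructed: 192.168.76.10 -> 192.168.0.20, SYN only */
    size_t n = sample_pkt(p, 0xC0A84C0Au, 0xC0A80014u, TCP_SYN);
    printf("class=%d\n", classify(p, n));
}
```

Because the rule tests only the SYN bit, SYN/ACK segments addressed to 192.168.0.0/24 are queued as well, so the check has to tell them apart from new connection attempts.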