This works fine with another ethernet card !

will netfilter support eth0:0 interfaces in the future ?

        François




On Mon, 10 Jun 2002 18:45:36 +0200
Francois Chenais <[EMAIL PROTECTED]> wrote:

  | Now I have put the good rule
  |       iptables -A FORWARD -d 192.168.0.0/255.255.255.0 -p tcp --tcp-flags SYN SYN -j QUEUE
  | 
  | A is connected on B but with its own IP addr instead of the GW_Netfilter addr.
  | the iptables -t nat -A POSTROUTING -j MASQUERADE seems to be ignored.
  | 
  | Just another (important) information
  | 
  | I use GW_netfilter eth0:0 device to go on network 192.168.0.0
  |            and the eth0:0 device on B so that 
  | 
  | A, GW and B are all on the 192.168 network but only GW and B are on the 192.168 one !
  | 
  |  
  |          192.168.76
  |    .______________.___________________________.
  |    |              |                           |
  |    |              |                           |
  |    |             eth0                        eth0 
  |    |              |                           |
  |    A             GW                           B
  |                   |                           |
  |               eth0:0------192.168.0----------eth0:0
  | 
  | 
  | 
  |    is a better schema !
  | 
  | 
  |             François
  | 
  | 
  |      
  | 
  | 
  | 
  | On Mon, 10 Jun 2002 18:19:23 +0200
  | Francois Chenais <[EMAIL PROTECTED]> wrote:
  | 
  |   | Hello, 
  |   |         
  |   | 
  |   | 
  |   |              192.168.76.0                   192.168.0.0
  |   |         A  -------------->  GW_Netfilter --------------------> B
  |   |                               \      /
  |   |                                 QUEUE
  |   |                                   \
  |   |                                 user APP
  |   | 
  |   | 
  |   | 
  |   |   In fact, I would like to redirect all SYN packets coming from A to B
  |   |   in target QUEUE for a user space check.
  |   | 
  |   |   Here is what I've done, but it doesn't work !:-|
  |   | 
  |   |   on A 
  |   |   -----
  |   |       route add -net 192.168.0.0 gw GW_Netfilter netmask 255.255.255.0 
  |   | 
  |   | 
  |   |   on GW_Netfilter
  |   |   ---------------
  |   |       echo 1 > /proc/sys/net/ipv4/ip_forward
  |   |       iptables -t nat -A POSTROUTING -j MASQUERADE
  |   |       iptables -A FORWARD -d 192.160.0.0/255.255.255.0 -p tcp --tcp-flags SYN SYN -j QUEUE
  |   |       iptables -A INPUT -d 192.160.0.0/255.255.255.0 -p tcp --tcp-flags SYN SYN -j QUEUE
  |   |   
  |   | 
  |   |  user APP connected on hook 1 on the ip_queue
  |   |  ---------------------------------------------
  |   | 
  |   | 
  |   |         What's wrong ?
  |   | 
  |   |         Thanks a lot
  |   | 
  |   |                 François
  |   | 
  |   | -- 
  |   | Woody 3.0
  |   | Linux tanna 2.4.14 #3 SMP Thu Dec 6 14:04:03 CET 2001 i686 unknown
  |   | 
  |   | PGP fingerprint : 9AFA 15EC 96C9 F607 EBC1  DD41 70C5 F0E0 25A5 105B
  |   | 