netfilter queue not on filter table

Yasuyuki KOZAKAI yasuyuki.kozakai at toshiba.co.jp
Wed Jul 4 05:07:55 CEST 2007


From: "Stanisław Pitucha" <viraptor at gmail.com>
Date: Tue, 3 Jul 2007 16:18:56 +0100

> I made a mistake before:
> > - QUEUE target works as expected on filter/INPUT, but I don't catch
> > any packets if I try to set it up in nat/PREROUTING or
> > mangle/PREROUTING. What can be the cause?

Only the initial packets of connection see rules in PREROUTING in nat table.

> I see incoming messages in mangle/PREROUTING, but not outgoing ones.
> OTOH they are shown in wireshark at the same time, and are sent.

If you mean that 'outgoing ones' are the packets generated at the local
node queueing packets, they don't pass through PREROUTING, but OUTPUT.

Please refer following.

http://www.netfilter.org/documentation/HOWTO//netfilter-hacking-HOWTO-3.html
http://iptables-tutorial.frozentux.net/iptables-tutorial.html#TRAVERSINGOFTABLES

-- Yasuyuki Kozakai



More information about the netfilter-devel mailing list