iptables and martian filtering
jainp1979 at gmail.com
Wed Jun 6 15:25:27 CEST 2007
I am learning how iptables work, so I was writing rules for PREROUTING
chain in nat table
I was trying to change the destination address in the incoming packet
to 127.x.x.x IP.
since my server is listening on that interface.
I added following rules:
iptables -I PREROUTING -t nat -p tcp -d 192.168.1.10 --dport 23456 -j
DNAT --to-destination 127.0.0.3
iptables -I INPUT -p tcp -d 127.0.0.3 -j ACCEPT
iptables -I INPUT -p tcp -i lo -j ACCEPT
iptables -I OUTPUT -p tcp -s 127.0.0.3 -j ACCEPT
iptables -I OUTPUT -p tcp -o lo -j ACCEPT
server is listening on 127.0.0.3:23456
client is trying to connect to 192.168.1.10:23456
but client is not able to connect to the server
I was getting logs such as "martian destination 127.0.0.3 from
192.168.1.10, dev eth0" in dmesg.
I believe "Martian Address Filtering" is taking place.
is there any way to override this filtering action ?
More information about the netfilter-devel