Need to clear packet traversal path
Sumit Pandya
sumit@elitecore.com
Tue, 22 Jan 2002 20:33:54 +0530
Hi All,
I'm using kernel 2.4.12 with the newnat5 patch. I made the following entries in
netfilter:
Private           Linux Gateway              Internet
172.16.0.2 ---- 172.16.0.1/192.168.1.2 ---- 192.168.1.1
                   eth0       eth1
# iptables -t nat -I PREROUTING -j LOG
# iptables -t nat -A POSTROUTING -j SNAT --to-source 192.168.1.2
Now if I ping www.yahoo.com from 172.16.0.2, I get packets logged only for
one direction:
Jan 22 20:17:56 kernel2_4 kernel: IN=eth2 OUT=
MAC=00:80:c8:4b:41:b4:00:50:ba:d1:3c:46:08:00 SRC=172.16.0.2
DST=216.115.102.81 LEN=1052 TOS=0x00 PREC=0x00 TTL=32 ID=28981 PROTO=ICMP
TYPE=8 CODE=0 ID=256 SEQ=41472
Jan 22 20:17:57 kernel2_4 kernel: IN=eth2 OUT=
MAC=00:80:c8:4b:41:b4:00:50:ba:d1:3c:46:08:00 SRC=172.16.0.2
DST=216.115.102.81 LEN=1052 TOS=0x00 PREC=0x00 TTL=32 ID=29237 PROTO=ICMP
TYPE=8 CODE=0 ID=256 SEQ=41728
Why can't it see the packets coming from www.yahoo.com (216.115.102.81)?
Yes, it logs packets in both directions if, instead of PREROUTING, I make the
same LOG rule for FORWARD in the filter table. Don't packets always come to
PREROUTING first? They do, right? And that's observed too, but only for half
the path; I mean not for the packets which return from the destination. Is it
something to do with SNAT? In fact I wanted to implement IP accounting in our
required design, and I got stuck, so I decided to go for LOG and check the
path first.
-- Sumit
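As an added example (not from the post or from the netfilter project): a small Python script that turns kernel LOG records in the format shown above into per-flow packet and byte counts, which is the IP accounting the poster was after. The nat table is consulted only for the first packet of each connection (conntrack applies the SNAT mapping to the rest), so a per-packet LOG or accounting rule belongs in the filter table's FORWARD chain, where the poster saw both directions; the sample lines below are constructed to look like that output.

```python
import re
from collections import defaultdict

# Constructed sample: three echo requests and two replies as a FORWARD-chain
# LOG rule would record them (one record per line), plus one unrelated line.
SAMPLE_LOG = """\
Jan 22 20:17:56 kernel2_4 kernel: IN=eth2 OUT=eth1 MAC=00:80:c8:4b:41:b4:00:50:ba:d1:3c:46:08:00 SRC=172.16.0.2 DST=216.115.102.81 LEN=1052 TOS=0x00 PREC=0x00 TTL=32 ID=28981 PROTO=ICMP TYPE=8 CODE=0 ID=256 SEQ=41472
Jan 22 20:17:56 kernel2_4 kernel: IN=eth1 OUT=eth2 MAC=00:50:ba:d1:3c:46:00:80:c8:4b:41:b4:08:00 SRC=216.115.102.81 DST=172.16.0.2 LEN=1052 TOS=0x00 PREC=0x00 TTL=240 ID=61 PROTO=ICMP TYPE=0 CODE=0 ID=256 SEQ=41472
Jan 22 20:17:57 kernel2_4 kernel: IN=eth2 OUT=eth1 MAC=00:80:c8:4b:41:b4:00:50:ba:d1:3c:46:08:00 SRC=172.16.0.2 DST=216.115.102.81 LEN=1052 TOS=0x00 PREC=0x00 TTL=32 ID=29237 PROTO=ICMP TYPE=8 CODE=0 ID=256 SEQ=41728
Jan 22 20:17:57 kernel2_4 kernel: IN=eth1 OUT=eth2 MAC=00:50:ba:d1:3c:46:00:80:c8:4b:41:b4:08:00 SRC=216.115.102.81 DST=172.16.0.2 LEN=1052 TOS=0x00 PREC=0x00 TTL=240 ID=62 PROTO=ICMP TYPE=0 CODE=0 ID=256 SEQ=41728
Jan 22 20:17:58 kernel2_4 sshd[411]: Accepted password for root from 172.16.0.2
Jan 22 20:17:58 kernel2_4 kernel: IN=eth2 OUT=eth1 MAC=00:80:c8:4b:41:b4:00:50:ba:d1:3c:46:08:00 SRC=172.16.0.2 DST=216.115.102.81 LEN=1052 TOS=0x00 PREC=0x00 TTL=32 ID=29501 PROTO=ICMP TYPE=8 CODE=0 ID=256 SEQ=41984
"""

FIELD_RE = re.compile(r"(\w+)=(\S*)")


def parse_log_line(line):
    """Return the KEY=VALUE fields of one iptables LOG record as a dict.

    Lines that are not kernel LOG output yield None.  Empty values (OUT=)
    are kept.  A key that appears twice, such as ID= (IP header ID first,
    ICMP echo ID later), keeps its first occurrence.
    """
    _, _, record = line.partition("kernel: ")
    if not record:
        return None
    fields = {}
    for key, value in FIELD_RE.findall(record):
        fields.setdefault(key, value)
    return fields


def account(lines):
    """Sum packets and IP-layer bytes (LEN=) per (SRC, DST) pair."""
    totals = defaultdict(lambda: {"packets": 0, "bytes": 0})
    for line in lines:
        fields = parse_log_line(line)
        if not fields or "SRC" not in fields or "LEN" not in fields:
            continue
        entry = totals[(fields["SRC"], fields["DST"])]
        entry["packets"] += 1
        entry["bytes"] += int(fields["LEN"])
    return dict(totals)


if __name__ == "__main__":
    for (src, dst), counts in sorted(account(SAMPLE_LOG.splitlines()).items()):
        print(f"{src:>16} -> {dst:<16} {counts['packets']:4d} pkts {counts['bytes']:6d} bytes")
```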