SNAT rule in the POSTROUTING chain ignored?
keseruk at freemail.hu
Wed Jul 6 15:37:07 CEST 2005
when I send packets with the java program, lines like the following one
appear in the kern.log, and iptables rules have the expected effect.
Jul 5 18:59:48 localhost kernel: IN= OUT=eth0 SRC=10.10.2.122
DST=10.10.2.28 LEN=39 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF
PROTO=UDP SPT=5060 DPT=5060 LEN=19
When I send packets with the problematic application, no lines appear in
In the meantime I developed another C application that sends UDP
packets from the same IP and port (5060) and it works as well. But I
cannot understand why iptables doesn't have any effect on the
packets of the other C application (developed by other people).
The problematic application sends SIP (UDP) messages, while my
application sends only dummy UDP packets. But I think, this is the only
My SNAT rule looks like this:
Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
SNAT       all  --  anywhere             anywhere            to:10.10.2.222
So I think, the rule is general enough. I tried to filter on interface,
source address, protocol, etc. but no effect...
Can an application somehow specify that iptables shouldn't have any
effect on its outgoing packets?
KOVACS Krisztian <hidden at balabit.hu> wrote:
> On Tue, 2005-07-05 at 20:00, Keserű Kornél wrote:
> > I tried to debug the things in /var/log/kern.log and I found, that
> > debug lines appear when the java application sends something,
> > nothing appears when the C application sends.
> > Do you have any idea why iptables can not work for packets of the
> > application although it works for a java application?
> > Thank you for your help in advance.
> Could you please tell us what those debug lines are? Probably that
> would help a lot.
> Krisztian Kovacs