SNAT rule in the POSTROUTING chain ignored?

Keserű Kornél keseruk at
Wed Jul 6 15:37:07 CEST 2005


When I send packets with the Java program, lines like the following one 
appear in the kern.log, and iptables rules have the expected effect.

Jul  5 18:59:48 localhost kernel: IN= OUT=eth0 SRC= 
DST= LEN=39 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF 
PROTO=UDP SPT=5060 DPT=5060 LEN=19

When I send packets with the problematic application, no lines appear in 

In the meantime I developed another C application that sends UDP 
packets from the same IP and port (5060) and it works as well. But I 
cannot understand why iptables doesn't have any effect on the 
packets of the other C application (developed by other people).
The problematic application sends SIP (UDP) messages, while my 
application sends only dummy UDP packets. But I think, this is the only 

My SNAT rule looks like this:
target     prot opt source               destination
SNAT       all  --  anywhere             anywhere            to:

So I think, the rule is general enough. I tried to filter on interface, 
source address, protocol, etc. but no effect...

Can an application somehow specify that iptables shouldn't have any 
effect on its outgoing packets?

Kornel Keseru

KOVACS Krisztian <hidden at> wrote:

>   Hi,
> On Tue, 2005-07-05 at 20.00, Keserű Kornél wrote:
> > I tried to debug the things in /var/log/kern.log and I found, that 
> > debug lines appear when the Java application sends something, 
> > nothing appears when the C application sends.
> > Do you have any idea why iptables can not work for packets of the 
> > application although it works for a Java application?
> > Thank you for your help in advance.
>   Could you please tell us what those debug lines are? Probably that
> would help a lot.
> -- 
>  Regards,
>   Krisztian Kovacs

More information about the netfilter mailing list