SNAT rule in the POSTROUTING chain ignored?
Keserű Kornél
keseruk at freemail.hu
Wed Jul 6 15:37:07 CEST 2005
Hello,
when I send packets with the java program, lines like the following one
appear in the kern.log, and iptables rules have the expected effect.
Jul 5 18:59:48 localhost kernel: IN= OUT=eth0 SRC=10.10.2.122
DST=10.10.2.28 LEN=39 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF
PROTO=UDP SPT=5060 DPT=5060 LEN=19
When I send packets with the problematic application, no lines appear in
kern.log.
In the meantime I developed another C application that sends UDP
packets from the same IP and port (5060) and it works as well. But I
cannot understand why iptables doesn't have any effect on the
packets of the other C application (developed by other people).
The problematic application sends SIP (UDP) messages, while my
application sends only dummy UDP packets. But I think, this is the only
difference.
My SNAT rule looks like this:
Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
SNAT       all  --  anywhere             anywhere            to:10.10.2.222
So I think, the rule is general enough. I tried to filter on interface,
source address, protocol, etc. but no effect...
Can an application somehow specify that iptables shouldn't have any
effect on its outgoing packets?
Bye,
Kornel Keseru
KOVACS Krisztian <hidden at balabit.hu> wrote:
>
> Hi,
>
> On Tue, 2005-07-05 at 20:00, Keserű Kornél wrote:
> > I tried to debug the things in /var/log/kern.log and I found, that some
> > debug lines appear when the java application sends something, but
> > nothing appears when the C application sends.
> > Do you have any idea why iptables can not work for packets of the C
> > application although it works for a java application?
> > Thank you for your help in advance.
>
> Could you please tell us what those debug lines are? Probably that
> would help a lot.
>
> --
> Regards,
> Krisztian Kovacs
>
>