Adjusting TOS/Precedence in iptables

karl
Wed Nov 2 22:20:59 CET 2005

Hi Rusty, Netfilter list,

Our setup:

Tool Machine ------- Analysis Machine ------ Host/Controller Machine

Our Need:

All we want is to make the duplicate packets look like they are coming
from the host so the tool does not know about the analysis (middle/bridge)

In order to do that we have to change the source IP/port and precedence
/ security / compartment.  How is this done in iptables?

Specific Notes:
We don't need/use a 3 way connection.

Note that when the analysis machine can successfully connect to the TCP
server, the host still sends packets towards the tool, but since the
analysis machine is in between them, it receives the packet, processes it
and sends a duplicate packet towards the tool server.

Note:  it is a duplicate packet, not the original one since in the
analysis machine software we are dealing with a higher level protocol
(HSMS over TCP) and the modules of the software that deal with the tool
communication and host communication are independent. This is a given and
cannot be changed.

Step-by-step details of communication:

We have a machine (analysis) sitting in between two other machines

Phase 1:  Tool and Host/Controller are communicating.

Phase 2:  Direct connection between Tool/Controller is changed, via a
shunting feature in the NICs, to now send traffic through the
Ethernet ports 1/2 of the Analysis machine sitting in the middle.

Phase 3: Information going between the Tool/Host continues through this
bridge/analysis machine, so that the tool/host don't know about the
middle/bridge/analysis machine.  This information is then fed to various
software on the analysis machine, and used to effect better chip etching

Phase 4:  Analysis concludes, the middle/bridge/Analysis machine 'hangs
up', and the DIRECT communication between the Tool/Host-Controller
machines resumes, all without violating RFC 798.
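The rule set below is an added example written for this page, not something from the original post or from the netfilter project. It shows the two netfilter pieces that cover what the post asks for: SNAT in the nat table to rewrite the source IP and source port of the duplicate packets the analysis machine generates locally, and a mangle-table rule that rewrites the upper bits of the TOS byte (the three precedence bits, written here via the DSCP target because the classic TOS target only accepts the five RFC 1349 values). All addresses, ports, interface names and the chosen precedence value are assumptions. The RFC 791 security/compartment fields are an IP option (option 130), not part of the TOS byte; no iptables target rewrites IP options, so that part has to be done by the sending application (e.g. the IP_OPTIONS socket option), and the script does not attempt it. By default the script only prints the rules; APPLY=1 runs them (root required).

```shell
#!/bin/sh
# Added example (not from the original post). Generates, and with APPLY=1
# applies, iptables rules that make TCP packets generated on this box look
# as if they came from the host. Topology assumed for the example:
#
#   tool 192.0.2.10:5000 <--eth1-- analysis box --eth2--> host 192.0.2.20
#
# The duplicates are produced by a local process on the analysis box and
# leave through eth1 towards the tool, so they traverse the OUTPUT and
# POSTROUTING chains (not FORWARD). Every value below is an assumption and
# can be overridden from the environment.

HOST_IP=${HOST_IP:-192.0.2.20}      # source address the tool expects to see
HOST_PORT=${HOST_PORT:-60000}       # source port the tool expects (assumed)
TOOL_IP=${TOOL_IP:-192.0.2.10}
TOOL_PORT=${TOOL_PORT:-5000}
OUT_IF=${OUT_IF:-eth1}
# DSCP value that sets the precedence bits (upper 3 bits of the TOS byte).
# 0x28 = CS5 = precedence 101, TOS byte 0xa0. Chosen arbitrarily for the
# example; pick whatever precedence the host actually uses.
DSCP_VALUE=${DSCP_VALUE:-0x28}

# Print the rules as iptables command lines, one per line. Both rules are
# restricted to the duplicate flow (TCP to TOOL_IP:TOOL_PORT out of OUT_IF)
# so the box's own management traffic is left alone.
gen_rules() {
    match="-o ${OUT_IF} -p tcp -d ${TOOL_IP} --dport ${TOOL_PORT}"
    # 1. Rewrite source IP and source port. nat/POSTROUTING sees locally
    #    generated packets; a one-port range pins the source port. conntrack
    #    reverses the mapping on any reply that reaches this box.
    echo "iptables -t nat -A POSTROUTING ${match} -j SNAT --to-source ${HOST_IP}:${HOST_PORT}-${HOST_PORT}"
    # 2. Rewrite the precedence/DSCP bits of the TOS byte in the mangle table.
    #    The ECN bits (lowest two) are not touched by the DSCP target.
    echo "iptables -t mangle -A POSTROUTING ${match} -j DSCP --set-dscp ${DSCP_VALUE}"
}

# Dry run by default; APPLY=1 executes the generated rules (needs root and
# the nat/mangle tables plus the SNAT and DSCP targets in the kernel).
apply_rules() {
    if [ "${APPLY:-0}" = 1 ]; then
        gen_rules | sh -e
    else
        gen_rules
    fi
}

apply_rules
```

Two caveats a practitioner would check first. On a transparent bridge the rewritten packets still need a layer-2 path to the tool, so the analysis box has to answer (or forward) ARP for HOST_IP on the tool-side port, or the tool's replies go to the real host and conntrack on the analysis box never sees them. And if the kernel's TOS target accepts a value/mask form (`-j TOS --set-tos 0xa0/0xe0`), that is the more direct way to touch only the precedence bits; the DSCP rule above overwrites all six DSCP bits.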
