using libiptc to append iptables rule but no effect

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi,

I am able to use libiptc to append rules into iptables and I can
verify those rules from using the iptables command.

However, when I send traffic to the machine, it is not forwarding the
packets as I requested it to.  However, if I use iptables -A to add
the entry, it can work.  Can someone help me out?  What is the
difference between using libiptc to append rules and using iptables
-A?  I did use ipt_commit() at the end.

Here are the rules I am appending.  Any suggestion will be greatly appreciated.


iptc_first_rule: first rule(PREROUTING): 0x1e7aac0
WARNING: handle->chain_index_sz == 0
DNAT       udp  --  192.168.1.251        anywhere            udp
spt:61002 to:192.168.1.252:60998
iptc_next_rule: rule_iterator_cur=0x1e7aac0...next=0x1e7abe0,
head=0x1e7aa90...returning rule 0x1e7abe0
WARNING: handle->chain_index_sz == 0
DNAT       udp  --  192.168.1.252        anywhere            udp
spt:60998 to:192.168.1.251:61002
iptc_next_rule: rule_iterator_cur=0x1e7abe0...next=0x1e7ad00,
head=0x1e7aa90...returning rule 0x1e7ad00
WARNING: handle->chain_index_sz == 0
DNAT       udp  --  192.168.1.56         anywhere            udp
spt:16385 to:192.168.1.20:10004
iptc_next_rule: rule_iterator_cur=0x1e7ad00...next=0x1e7ae20,
head=0x1e7aa90...returning rule 0x1e7ae20
WARNING: handle->chain_index_sz == 0
DNAT       udp  --  192.168.1.20         anywhere            udp
spt:10004 to:192.168.1.56:16385
iptc_next_rule: rule_iterator_cur=0x1e7ae20...next=0x1e7aa90,
head=0x1e7aa90...finished, returning NULL
iptc_next_chain: : returning `POSTROUTING'

iptc_get_policy: called for chain POSTROUTING
Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
iptc_first_rule: first rule(POSTROUTING): 0x1e7b0b0
WARNING: handle->chain_index_sz == 0
SNAT       udp  --  192.168.1.251        anywhere            udp
spt:61002 to:192.168.1.114:18352
iptc_next_rule: rule_iterator_cur=0x1e7b0b0...next=0x1e7b1d0,
head=0x1e7b080...returning rule 0x1e7b1d0
WARNING: handle->chain_index_sz == 0
SNAT       udp  --  192.168.1.252        anywhere            udp
spt:60998 to:192.168.1.114:18354
iptc_next_rule: rule_iterator_cur=0x1e7b1d0...next=0x1e7b2f0,
head=0x1e7b080...returning rule 0x1e7b2f0
WARNING: handle->chain_index_sz == 0
SNAT       udp  --  192.168.1.56         anywhere            udp
spt:16385 to:192.168.1.114:24608
iptc_next_rule: rule_iterator_cur=0x1e7b2f0...next=0x1e7b410,
head=0x1e7b080...returning rule 0x1e7b410
WARNING: handle->chain_index_sz == 0
SNAT       udp  --  192.168.1.20         anywhere            udp
spt:10004 to:192.168.1.114:24610
iptc_next_rule: rule_iterator_cur=0x1e7b410...next=0x1e7b080,
head=0x1e7b080...finished, returning NULL
iptc_next_chain: : returning `OUTPUT'
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Netfitler Users]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux