ipt_TARPIT generating illegal traffic ... skips POSTROUTING


 



Some packets (http://lists.netfilter.org/pipermail/netfilter/2003-June/044844.html) are not masqueraded and are routed out raw with the src address of my internal box.

In addition to the thread above, with

# tcpdump -npi ppp1 net 65.24/16

I get nothing, no packets, when they are showing on ppp0. Both tcpdumps are running simultaneously.

# tcpdump -npi ppp0 net 65.24/16
17:10:05.055600 65.24.XXX.238.56992 > 65.XXX.XXX.2.2662: S 3924597812:3924597812(0) win 52000 <mss 1460> (DF)
17:10:05.055885 10.1.0.100.2662 > 65.24.XXX.238.56992: S 2933399770:2933399770(0) ack 3924597813 win 5 (DF)
...


The router must be generating the replies, so I looked into the PREROUTING and FORWARD chains of my iptables firewall. These packets were matching the TARPIT target in my FORWARD chain after they had been DNATed to 10.1.0.100 in PREROUTING!

So of course ipt_TARPIT must be responsible for generating the replies without going through the POSTROUTING chain. None of the reply packets generated by ipt_TARPIT were masqueraded! I removed the ipt_TARPIT target and everything is okay now.

ipt_TARPIT should forward its reply packets through POSTROUTING, though, and not directly out the interface. This is an ipt_TARPIT bug.

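The symptom described in this post, a reply leaving the external interface with the internal host's RFC1918 source address because the NAT table was never consulted, is easy to spot mechanically in a tcpdump capture. The following checker is an added example, not code from the post or from the netfilter project; it parses the classic one-line tcpdump format shown above and reports any packet on the external interface whose source is an RFC1918 address, correlating it with the inbound connection it answers. The sample capture lines are constructed for the example, with documentation addresses (RFC 5737) standing in for the XXX'd public addresses in the post; `find_nat_bypass`, `parse_line` and the `Packet` class are names chosen here, not part of any tool.

```python
import re
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple

# Classic tcpdump one-line format, as in the post:
#   HH:MM:SS.usec SRC.PORT > DST.PORT: FLAGS ...
_LINE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+)\s+>\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):\s*(?P<flags>\S*)"
)

# Explicit RFC1918 ranges. ipaddress.is_private is deliberately not used:
# it also classifies the RFC 5737 documentation ranges in the sample as
# "private", which would hide exactly the distinction we need here.
_RFC1918 = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"),
            ip_network("192.168.0.0/16")]


@dataclass
class Packet:
    ts: str
    src: str
    sport: int
    dst: str
    dport: int
    flags: str


def parse_line(line: str) -> Optional[Packet]:
    """Parse one tcpdump line; return None for lines that are not packets."""
    m = _LINE.match(line.strip())
    if not m:
        return None
    return Packet(m["ts"], m["src"], int(m["sport"]),
                  m["dst"], int(m["dport"]), m["flags"])


def is_rfc1918(addr: str) -> bool:
    a = ip_address(addr)
    return any(a in net for net in _RFC1918)


def find_nat_bypass(lines: List[str]) -> List[dict]:
    """Report packets seen on the EXTERNAL interface with an RFC1918 source.

    Any such packet means a reply left the box without passing the NAT
    (POSTROUTING/MASQUERADE) step. When the packet's destination matches a
    remote endpoint we earlier saw connecting in, the finding also names the
    public address:port that inbound connection was sent to, so the leaked
    reply can be tied to the DNAT'd flow it belongs to."""
    inbound: Dict[Tuple[str, int], Tuple[str, int]] = {}
    findings: List[dict] = []
    for raw in lines:
        pkt = parse_line(raw)
        if pkt is None:
            continue
        if not is_rfc1918(pkt.src) and not is_rfc1918(pkt.dst):
            # Normal traffic on the external side: remember who connected
            # to which public endpoint.
            inbound[(pkt.src, pkt.sport)] = (pkt.dst, pkt.dport)
        elif is_rfc1918(pkt.src):
            findings.append({
                "ts": pkt.ts,
                "src": pkt.src, "sport": pkt.sport,
                "dst": pkt.dst, "dport": pkt.dport,
                "flags": pkt.flags,
                # public endpoint the remote peer originally talked to, if known
                "answers": inbound.get((pkt.dst, pkt.dport)),
            })
    return findings


# Constructed sample capture from the external interface (ppp0 in the post):
# one SYN that hits a DNAT + TARPIT rule and is answered from the internal
# address, and one healthy exchange answered from the public address.
SAMPLE_PPP0 = """\
17:10:05.055600 203.0.113.238.56992 > 198.51.100.2.2662: S 3924597812:3924597812(0) win 52000 <mss 1460> (DF)
17:10:05.055885 10.1.0.100.2662 > 203.0.113.238.56992: S 2933399770:2933399770(0) ack 3924597813 win 5 (DF)
17:10:06.100000 203.0.113.77.41000 > 198.51.100.2.80: S 1:1(0) win 65535 <mss 1460> (DF)
17:10:06.100300 198.51.100.2.80 > 203.0.113.77.41000: S 2:2(0) ack 2 win 5840 <mss 1460> (DF)
""".splitlines()


if __name__ == "__main__":
    for f in find_nat_bypass(SAMPLE_PPP0):
        print("NAT bypass at %s: %s:%d -> %s:%d (answers inbound flow to %s)"
              % (f["ts"], f["src"], f["sport"], f["dst"], f["dport"], f["answers"]))
```

Feed it the output of `tcpdump -nl` on the external interface instead of the constructed sample to check a live router; an empty result after the fix described in the post is the confirmation that replies are now going through POSTROUTING. The second, healthy exchange in the sample produces no finding, which is the expected negative case.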



