On Mon 06/10/2003 at 15:35, pigi wrote:
> $iptables -t nat -A PREROUTING -s 127.0.0.0/8 -i ppp0 -j LOG --log-level
> debug --log-prefix "Spoof PREROUTING"
> $iptables -t nat -A PREROUTING -s 127.0.0.0/8 -i ppp0 -j DROP
>
> This other one is working.
> My question is: why is the PREROUTING chain able to catch the spoofed
> packet, while the INPUT one isn't?
> The destination address IS on my ppp0 interface, so it should be caught
> also in the INPUT chain.

Do you have rp_filter activated? If so, the packet is dropped at the first
routing point, because the kernel checks the reverse path.

Activate martians logging to confirm this:

    echo 1 > /proc/sys/net/ipv4/conf/all/log_martians

-- 
http://www.netexit.com/~sid/
PGP KeyID: 157E98EE
FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
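Added example, not part of the original message: a small shell check of whether reverse-path filtering and martian logging are in effect on an interface such as ppp0. It assumes current kernel semantics (the highest of the "all" and per-interface rp_filter values applies; log_martians is on if either is set). The function names and the SYSCTL_ROOT variable are made up for this example.

```shell
#!/bin/sh
# Added example. SYSCTL_ROOT (hypothetical) lets the check run against a
# copy of the sysctl tree; by default it reads the live one.

# read_knob ROOT IFACE KNOB -> value of the sysctl file, or 0 if unreadable
read_knob() {
    if [ -r "$1/$2/$3" ]; then cat "$1/$2/$3"; else echo 0; fi
}

# effective_rp_filter ROOT IFACE -> max(conf/all, conf/IFACE)
effective_rp_filter() {
    a=$(read_knob "$1" all rp_filter)
    i=$(read_knob "$1" "$2" rp_filter)
    if [ "$a" -gt "$i" ]; then echo "$a"; else echo "$i"; fi
}

# effective_log_martians ROOT IFACE -> 1 if conf/all or conf/IFACE is set
effective_log_martians() {
    a=$(read_knob "$1" all log_martians)
    i=$(read_knob "$1" "$2" log_martians)
    if [ "$a" -ne 0 ] || [ "$i" -ne 0 ]; then echo 1; else echo 0; fi
}

# diagnose ROOT IFACE -> one-line summary for the interface
diagnose() {
    rp=$(effective_rp_filter "$1" "$2")
    lm=$(effective_log_martians "$1" "$2")
    case "$rp" in
        0) mode=off ;;
        1) mode=strict ;;
        2) mode=loose ;;
        *) mode=unknown ;;
    esac
    if [ "$lm" -eq 1 ]; then
        echo "$2: rp_filter=$mode log_martians=on"
    elif [ "$rp" -ne 0 ]; then
        # Filtering is active but its drops never reach the kernel log.
        echo "$2: rp_filter=$mode log_martians=off (rp_filter drops not logged)"
    else
        echo "$2: rp_filter=$mode log_martians=off"
    fi
}

# Usage: sh check.sh ppp0
if [ $# -ge 1 ]; then
    diagnose "${SYSCTL_ROOT:-/proc/sys/net/ipv4/conf}" "$1"
fi
```

With log_martians on, packets rejected by the routing code appear in the kernel log even though no INPUT rule ever sees them.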