Dear all,
I work on Mobile IP, I use Dynamics HUT Mobile IP
implementation, It uses IPIP tunneling between FAs and HAs, and Anthony is
right because netfilter tracks the outer src and dst addresses. However, I
have to see the connections of Mobile Node and Correspondent Node in Iptables
firewall, so I need to track the inner src and dst addresses,
Is there any other possibilities that how I can do it ?
Best regards,
Omer Akoz.
-----Özgün İleti-----
Kimden: Antony Stone
[mailto:Antony@xxxxxxxxxxxxxxxxxxxx]
Gönderilmiş: Paz 11.04.2004
23:34
Kime: netfilter@xxxxxxxxxxxxxxxxxxx
Bilgi:
Konu: Re: ipip tunnel connection tracking
On Sunday 11 April 2004 8:09 pm, Ömer Aköz wrote:
>
I am working on connection tracking of ipip tunnel packets, while
using
> ipip tunneling, in the ip_conntrack file, I see the outer src.
and dst.
> addresses, I try to see original src and dst
addresses.
>
> Is there any module to do this ? I see the
"ip_conntrack_proto_gre", I
> think it makes this shows original
addresses in gre packets ?
Why would a connection tracking module need
to know about the addreses inside
the packets, rather than the addresses in
the headers?
I might be wrong (I haven't used the GRE conntrack
module), but I would expect
it to be interested in the source &
destination addresses of the packets it's
handling through the machine,
rather than the source & destination addresses
of the packets inside
the packets.
After all, isn't that what a tunnel is all
about? The routers along the way
just deal with the outer
addresses, not the addresses
inside?
Regards,
Antony.
--
Most people have more than
the average number of
legs.
Please reply to the
list;
please don't CC me.
