I am injecting packets in a network. I can see these packets from libpcap from several machines, so the packets are there. The machine supposed to receive the packets can see them too in a tcpdump. Besides, it answers some of them (syn/ack if I inject tcp syncs), so packets are arriving. The tools I use to inject packets are packit, nemesis and other home-made ones over libnet.

The problem is that in spite of the packets being received, they do not seem to enter iptables, as I cannot LOG or ULOG them on the destination machine. This does not happen with conventional traffic such as pings or tcp connections, which can be logged normally. It seems to be a problem related to "artificially" injected traffic not reaching iptables. Is conntrack or some part of iptables realising these packets are not legal enough to reach iptables?

The logging rule is quite simple:

root@bipt08:~# iptables-save
# Generated by iptables-save v1.2.9 on Thu Jul 1 13:58:09 2004
*nat
:PREROUTING ACCEPT [737:65375]
:POSTROUTING ACCEPT [1962:84481]
:OUTPUT ACCEPT [1962:84481]
-A PREROUTING -i eth1 -j ULOG --ulog-prefix "catch it please"
COMMIT
# Completed on Thu Jul 1 13:58:09 2004
# Generated by iptables-save v1.2.9 on Thu Jul 1 13:58:09 2004
*filter
:INPUT ACCEPT [31481:4480745]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [37288:10900591]
COMMIT
# Completed on Thu Jul 1 13:58:09 2004
# Generated by iptables-save v1.2.9 on Thu Jul 1 13:58:09 2004
*mangle
:PREROUTING ACCEPT [31500:4483968]
:INPUT ACCEPT [31482:4480797]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [37289:10900787]
:POSTROUTING ACCEPT [37289:10900787]
COMMIT
# Completed on Thu Jul 1 13:58:09 2004

--
 __________________________________
< hello, I am a horrible signature >
 ----------------------------------
        \   ^__^
         \  (oo)\_______
            (__)\       )\/\
                ||----w |
                ||     ||

mail: txemi <txemi2@xxxxxxxxxxxxx>
web: http://txemi.webhop.org
mirror: http://txemi2.webhop.org