On Mon 05/07/2004 at 23:08, ÐÐÑÐÐÐÐ ÐÐÑÐÐÐ ÐÐÐÐÐÐÐÐÐÑ wrote:

> how can I manage packets incoming from 80 port to my LAN?
> All chains and tables (OUTPUT:mangle,nat,filter and
> POSTROUTING:mangle,nat) show that one goes from
> local_ip_of_gateway:3128.
> But tcpdump started at LAN interface shows that packets go from real
> ip addresses and src_port 80....
> In what chain and table does netfilter replace SRC_ip & SRC_port back by
> real?

After POSTROUTING, so you are not able to match them.

But what you can do is use the CONNMARK target and connmark match to spot those connections. Something like:

iptables -A PREROUTING -t mangle -i LAN -p tcp --dport 80 \
  -j CONNMARK --set-mark 0x01

Now, every packet that belongs to a connection beginning with one of these packets will get connmarked with 0x01. To match them back, use the connmark match like this:

-m connmark --mark 0x01

Hope it will help.

--
http://www.netexit.com/~sid/
PGP KeyID: 157E98EE
FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE

>> Hi! I'm your friendly neighbourhood signature virus.
>> Copy me to your signature file and help me spread!
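The rule set the reply sketches, written out as an added example (not part of the mail above): a shell function that emits an iptables-restore fragment for the mangle table. The first packet of each LAN-to-port-80 connection is connmarked in PREROUTING, before the nat table rewrites it towards the proxy, and the proxy's replies are then matched in OUTPUT with `-m connmark`, where the source address still reads as the gateway:3128 because the reverse translation only happens after POSTROUTING. The interface name, the mark value, and the LOG rule used to confirm the match are assumptions for illustration; the nat REDIRECT rule to port 3128 that the original poster is running is only referenced in a comment.

```shell
#!/bin/sh
# Added example, not from the original mailing-list reply.
# Emits an iptables-restore fragment implementing the CONNMARK trick:
#   - mark new LAN -> :80 connections in mangle/PREROUTING (before nat REDIRECT)
#   - match the proxy's replies in mangle/OUTPUT via the connection mark
# Assumed: the gateway already has something like
#   iptables -t nat -A PREROUTING -i $lan_if -p tcp --dport 80 -j REDIRECT --to-ports 3128
# The LAN interface name, the mark, and the LOG prefix are placeholders.

connmark_rules() {
    lan_if=${1:-LAN}      # placeholder interface name, e.g. eth1
    mark=${2:-0x01}       # connection mark to set and later match

    # Refuse anything that is not a hex mark, so a typo cannot produce a
    # rule that marks nothing or the wrong traffic.
    case "$mark" in
        0x[0-9a-fA-F]*) ;;
        *) printf 'invalid mark: %s\n' "$mark" >&2; return 1 ;;
    esac

    cat <<EOF
*mangle
# First packet of a LAN -> port 80 connection, seen before nat REDIRECT
# rewrites the destination to the proxy; CONNMARK sticks to the conntrack entry.
-A PREROUTING -i $lan_if -p tcp --dport 80 -j CONNMARK --set-mark $mark
# Replies from the proxy: in OUTPUT they still carry gateway:3128 as source
# (de-NAT happens after POSTROUTING), so match on the connection mark instead.
-A OUTPUT -o $lan_if -m connmark --mark $mark -j LOG --log-prefix "proxied-reply: "
COMMIT
EOF
}

# Load with: connmark_rules eth1 0x01 | iptables-restore -n
# (-n keeps the existing rules of the other tables).
connmark_rules "$@"
```

Run it with the LAN interface and mark as arguments and pipe the output into `iptables-restore -n` on the gateway; the kernel log then shows each reply packet that belongs to a marked connection, which is the "spot those connections" check the reply describes.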