stateless udp redirect: was: CONFIG_IP_NF_NAT_LOCAL and REDIRECT


 



Hi again,

Does REDIRECT depend on connection tracking?

How can I do a stateless UDP REDIRECT, just like in the 2.0 era?

I suspect that my problems are related to this....

Thanks

	Ulisses


On Mon, Jun 13, 2005 at 05:42:37PM +0200, Ulisses wrote:
> 
> I forgot to mention that it does work on linux 2.4.27 vanilla with
> CONFIG_IP_NF_NAT_LOCAL enabled...
> 
> More precisely:
> 
> socket with local address _not_ set to the loopback address is redirected,
> and it is seen by tcpdump as
> 
> 127.0.0.1.localport > 127.0.0.1.redirected port
> 
> 
> Thanks in advance
> 
> 	Ulisses
> 
> On Mon, Jun 13, 2005 at 05:21:36PM +0200, Ulisses wrote:
> > 
> > Hello
> > 
> > I'm trying to guess why the REDIRECT target is not applied to local 
> > processes having CONFIG_IP_NF_NAT_LOCAL enabled
> > 
> > Having the following rule
> > 
> > iptables -t nat -A OUTPUT --destination $HOSTB/32 --protocol udp --destination-port 123 \
> >          -j REDIRECT --to-ports $ABPORT
> > 
> > 
> > doesn't apply to local ip address, please note that I'm not referring to the loopback.
> > 
> > If the packet is sent from 127.0.0.1 it works ok. I'm running kernel 2.6.9 vanilla
> > 
> > Any comment or suggestion will be greatly appreciated
> > 
> > Thanks in advance
> > 
> > 	Ulisses
> >                 Debian GNU/Linux: a dream come true
> > -----------------------------------------------------------------------------
> > "Computers are useless. They can only give answers."            Pablo Picasso
> > 
> > "Debugging is twice as hard as writing the code in the first place.
> > Therefore, if you write the code as cleverly as possible, you are,
> > by definition, not smart enough to debug it." - Brian W. Kernighan
> > 
> 



