Re: SNAT rule in the POSTROUTING chain ignored?


 



  Hi,

On Wed, 2005-07-06 at 15:37, Keserű Kornél wrote:
> When I send a packet with the problematic application, no lines appear in 
> kern.log.
[...]
> My SNAT rule looks like this:
> Chain POSTROUTING (policy ACCEPT)
> target     prot opt source               destination
> SNAT       all  --  anywhere             anywhere            to:10.10.2.222
> 
> So I think the rule is general enough. I tried to filter on interface, 
> source address, protocol, etc. but no effect...
> 
> Can an application somehow specify that iptables shouldn't have any 
> effect on its outgoing packets?

  No, unless it runs as root, uses PF_PACKET sockets and does full
packet assembly "by hand". If you don't have access to the source code
you could try using strace to find out what kind of sockets the given
application opens.

-- 
 Regards,
  Krisztian Kovacs
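
The strace check suggested in the reply above, as an added example that is not part of the original message: it summarises the `socket()` calls in an strace log and flags packet sockets, the one kind the reply says escapes iptables. The function names, the `packet-socket`/`other` labels, the placeholder file names and the sample log are assumptions constructed for illustration.

```shell
#!/bin/sh
# Capture a log with:  strace -f -e trace=socket -o app.strace ./app
# ("./app" and "app.strace" are placeholder names.)

# Reads strace output on stdin; prints "<count> <family> <type> <label>"
# for every distinct socket kind that was opened successfully.
socket_summary() {
    awk '
    {
        start = index($0, "socket(")      # tolerate "[pid N]" / "N " prefixes
        if (start == 0) next
        if ($0 ~ /\) *= *-1/) next        # failed call (e.g. EPERM): nothing opened
        n = split(substr($0, start + 7), arg, ", ")
        if (n < 3) next                   # truncated or unfinished line
        fam = arg[1]; type = arg[2]
        sub(/^PF_/, "AF_", fam)           # older strace prints PF_*, newer AF_*
        sub(/\|.*/, "", type)             # drop SOCK_CLOEXEC / SOCK_NONBLOCK flags
        seen[fam " " type]++
    }
    END {
        for (k in seen) {
            label = (k ~ /^AF_PACKET /) ? "packet-socket" : "other"
            print seen[k], k, label
        }
    }' | LC_ALL=C sort -k2
}

# Exit status 0 if the log shows at least one successfully opened packet socket.
uses_packet_socket() {
    socket_summary | grep -q 'packet-socket$'
}

# Constructed sample log (not taken from the thread).
sample_log() {
    cat <<'EOF'
1201  socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 3
1201  socket(PF_PACKET, SOCK_RAW, 768)  = 4
[pid  1202] socket(AF_PACKET, SOCK_RAW|SOCK_CLOEXEC, htons(ETH_P_ALL)) = 5
1201  socket(AF_PACKET, SOCK_DGRAM, htons(ETH_P_IP)) = -1 EPERM (Operation not permitted)
1201  socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) = 6
EOF
}

sample_log | socket_summary
```

A `packet-socket` line means the process hands complete frames to the network device itself, which is the case the reply describes; on a real log, run `socket_summary < app.strace`.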



