Hi,

What I need is to be able to know the source IP and port of the packets received at a particular port (10000 here) in user space through a C language interface, or maybe I can read it somewhere from the proc directory?

For example,

Machine X <------>| Network |<------->(eth0) My Machine (eth1) <----->Machine A
Machine Y <------>|         |

Machine X - 192.168.1.13
Machine Y - 192.168.1.14
My Machine eth0 - 192.168.1.100
My Machine eth1 - 172.16.1.100
Machine A - 172.16.1.200 is a slave device controlled by my machine.

My machine receives some packets on port 10000 on eth0. Its job is to simply forward them to Machine A. It does so by

iptables -t nat -I PREROUTING -i eth0 -p udp \
  --dport 10000 -j DNAT --to-destination 172.16.1.200

Machine A is configured to send packets to Machine X. My machine is the default gateway for Machine A. I do masquerading on eth0 and forwarding is enabled - eth1 to eth0.

Now I need that in case Machine Y is sending on port 10000 instead of Machine X, I should have the *choice* whether to configure Machine A to continue sending to X or instead now configure it to send to Machine Y.

Hope I am clear,
Elison

2009/8/11 Gáspár Lajos <swifty@xxxxxxxxxxx>:
> Hi Elison,
>
> The conntrack subsystem knows about every connection.
> So maybe you need to check that.
>
> Elison Niven wrote:
>>
>> Hi List,
>>
>> I have two interfaces eth0 and eth1 on my machine.
>>
>> My machine has eth0 = 192.168.1.100 and eth1 = 172.16.1.100
>>
>> The scenario is that I will be receiving packets at port 10000 on eth0
>> of my machine. I do not know from which IP the packets are being
>> received (Can be any machine - I do not need to apply a source address
>> matching rule).
>>
>
> You may not know the source IP, but your machine will, because it sees the
> packets coming from eth0's network.
>>
>> I need to forward these packets to another machine B, which I do with
>> this rule:
>>
>> iptables -t nat -I PREROUTING -i eth0 -p udp \
>>   --dport 10000 -j DNAT --to-destination 172.16.1.200
>>
>> Note that I have not added any -s option to the rule for source
>> address matching.
>>
>> This also works properly. Now I need to _know_ the source IP and
>> source port of the packets that are being received at port 10000 on
>> eth0. (For example to send some data back to the _same_machine_ that
>> is sending packets at port 10000.)
>>
>
> Again. If the conntrack (in your machine) knows the source IP/port numbers
> then it will automagically replace them on the backroute.
> It may also be a problem if your response packets are not SNAT-ed. (In the
> case where the sender machines send the packets directly to your machine.)
>>
>> How do I achieve this?
>>
>> Best Regards,
>> Elison
>>
>
> Swifty
>
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
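One way to pull the pre-DNAT source IP and port out of the conntrack table from user space, as an added example that is not part of this thread. It assumes the nf_conntrack module is loaded and the script runs as root (the /proc conntrack files are root-readable); the sample table lines are constructed to match the thread's DNAT rule and addresses.

```shell
#!/bin/sh
# Added example, not from the thread. Lists the pre-DNAT source IP and port of
# every UDP flow that arrived on the given destination port, as recorded by
# conntrack. Assumes nf_conntrack is loaded; /proc/net/nf_conntrack (or the
# older /proc/net/ip_conntrack) is readable by root only.

# senders_for_port TABLE_FILE DPORT  ->  one "src_ip src_port" line per flow
senders_for_port() {
    awk -v want="$2" '
        # nf_conntrack lines start "ipv4 2 udp ...", ip_conntrack lines "udp ..."
        $1 == "udp" || $3 == "udp" {
            src = ""; sport = ""; dport = ""
            # the first src=/sport=/dport= group is the original direction,
            # i.e. the packet as it hit eth0 before DNAT rewrote the destination
            for (i = 1; i <= NF; i++) {
                if (src == ""   && $i ~ /^src=/)   src   = substr($i, 5)
                if (sport == "" && $i ~ /^sport=/) sport = substr($i, 7)
                if (dport == "" && $i ~ /^dport=/) dport = substr($i, 7)
            }
            if (dport == want) print src, sport
        }' "$1"
}

# Constructed sample table matching the thread: X and Y each have a UDP flow
# to 192.168.1.100:10000 that DNAT sent on to 172.16.1.200; one unrelated
# TCP flow is included to show it is ignored.
SAMPLE=$(mktemp)
printf '%s\n' \
  'ipv4     2 udp      17 28 src=192.168.1.13 dst=192.168.1.100 sport=40000 dport=10000 src=172.16.1.200 dst=192.168.1.13 sport=10000 dport=40000 mark=0 use=1' \
  'ipv4     2 tcp      6 431999 ESTABLISHED src=192.168.1.14 dst=192.168.1.100 sport=51000 dport=22 src=192.168.1.100 dst=192.168.1.14 sport=22 dport=51000 [ASSURED] mark=0 use=1' \
  'ipv4     2 udp      17 29 src=192.168.1.14 dst=192.168.1.100 sport=40001 dport=10000 src=172.16.1.200 dst=192.168.1.14 sport=10000 dport=40001 mark=0 use=1' \
  > "$SAMPLE"

senders_for_port "$SAMPLE" 10000
# On the live box, as root: senders_for_port /proc/net/nf_conntrack 10000
```

The entries only exist while the flow is alive in conntrack (UDP entries expire after the idle timeout shown in the fifth column), so poll it while Machine X or Y is actually sending.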