Hi guys,
I defined two rules in the iptables to queue selected packets for
processing.You can see rules below and iptables -A commands. My java application uses JNI to
access the packets queued by netfilter.
My application can receive packets with destination ip 10.0.0.53 but can
not receive other packets with destination ip 195.87.7.163.
But the packets reach to destination 195.87.7.163 without problem.
Thanks
My system
Kernel 2.6.18-194.el5
Red Hat Enterprise Linux Server release 5.5 (Tikanga)
iptables v1.3.5
first rule:
iptables -A FORWARD -s 10.0.0.52 -p tcp -d 10.0.0.53 -j NFQUEUE -queue-num 1
iptables -t nat -A POSTROUTING -s 10.0.0.52 -d 10.0.0.53 -o eth0 -j MASQUERADE
second rule:
iptables -A FORWARD -p tcp -d 195.87.7.163 -j NFQUEUE --queue-num 1
iptables -t nat -A PREROUTING -p tcp --dport 8050 -j DNAT --to-destination 195.87.7.163:10555
[root@imcp1 ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
NFQUEUE all -- 10.0.0.52 10.0.0.53 NFQUEUE num 1
NFQUEUE tcp -- anywhere 195.87.7.163 tcp dpt:10555 NFQUEUE num 1
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[root@imcp1 ~]# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT tcp -- anywhere anywhere tcp dpt:8050 to:195.87.7.163:10555
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 10.0.0.52 10.0.0.53
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
