Help with routing ping requests

I have configured iptables to custom route some icmp packets. I have
set up logging and here is the log:

Jan  1 00:01:06 TAPC kern.debug kernel: [   73.720000] icmp_prerouting
IN=eth0 OUT= MAC=e0:46:9a:41:75:7e:00:0c:29:51:5b:9f:08:00
SRC=72.64.140.50 DST=72.64.140.67 LEN=60 TOS=0x00 PREC=0x00 TTL=128
ID=2192 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=17
Jan  1 00:01:06 TAPC kern.debug kernel: [   73.720000] icmp_forward
IN=eth0 OUT=br0 MAC=e0:46:9a:41:75:7e:00:0c:29:51:5b:9f:08:00
SRC=72.64.140.50 DST=192.168.1.200 LEN=60 TOS=0x00 PREC=0x00 TTL=127
ID=2192 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=17
Jan  1 00:01:06 TAPC kern.debug kernel: [   73.720000]
icmp_postrouting IN= OUT=br0 SRC=72.64.140.50 DST=192.168.1.200 LEN=60
TOS=0x00 PREC=0x00 TTL=127 ID=2192 PROTO=ICMP TYPE=8 CODE=0 ID=1
SEQ=17
Jan  1 00:01:11 TAPC kern.debug kernel: [   78.510000] icmp_forward
IN=eth0 OUT=br0 MAC=e0:46:9a:41:75:7e:00:0c:29:51:5b:9f:08:00
SRC=72.64.140.50 DST=192.168.1.200 LEN=60 TOS=0x00 PREC=0x00 TTL=127
ID=2193 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=18
Jan  1 00:01:16 TAPC kern.debug kernel: [   83.520000] icmp_forward
IN=eth0 OUT=br0 MAC=e0:46:9a:41:75:7e:00:0c:29:51:5b:9f:08:00
SRC=72.64.140.50 DST=192.168.1.200 LEN=60 TOS=0x00 PREC=0x00 TTL=127
ID=2194 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=19
Jan  1 00:01:21 TAPC kern.debug kernel: [   88.510000] icmp_forward
IN=eth0 OUT=br0 MAC=e0:46:9a:41:75:7e:00:0c:29:51:5b:9f:08:00
SRC=72.64.140.50 DST=192.168.1.200 LEN=60 TOS=0x00 PREC=0x00 TTL=127
ID=2195 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=20

The entry with prefix icmp_prerouting is from the -t nat PREROUTING
chain. The entries with prefix icmp_forward are from the -t filter
FORWARD chain. The entry with prefix icmp_postrouting is from the -t
nat POSTROUTING table. I also have logging in the INPUT and OUTPUT
chains. However, no entries have been generated from those chains.

I have Wireshark connected to both the WAN side and the LAN side. I
see the packets going into the WAN, which produces the above entries;
however, I do not see any packets coming out of either the LAN or the
WAN side.

Without any of my custom rules, I can ping the WAN interface without
issues. From within the Telnet shell I can also ping the address
192.168.1.200 without issues. On Wireshark both the incoming packets
and the outgoing packets show up as expected.

Does anyone have any idea where the outgoing packets disappear? Is br0
the correct output device so that the packet will be sent to the LAN
ports? This application is DD-WRT running on a Netgear router.
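
An added example, not part of the original post: a short Python parser that groups netfilter LOG entries like the ones above by source address and IP ID, so each packet's path through the labelled chains can be read off. It assumes the mail-wrapped log lines are rejoined to one entry per line and that the log prefixes contain no spaces; the function names are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample: entries for the first two packets in the log above,
# with the mail-wrapped lines rejoined so each kernel entry is one line.
SAMPLE = """\
Jan  1 00:01:06 TAPC kern.debug kernel: [   73.720000] icmp_prerouting IN=eth0 OUT= MAC=e0:46:9a:41:75:7e:00:0c:29:51:5b:9f:08:00 SRC=72.64.140.50 DST=72.64.140.67 LEN=60 TOS=0x00 PREC=0x00 TTL=128 ID=2192 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=17
Jan  1 00:01:06 TAPC kern.debug kernel: [   73.720000] icmp_forward IN=eth0 OUT=br0 MAC=e0:46:9a:41:75:7e:00:0c:29:51:5b:9f:08:00 SRC=72.64.140.50 DST=192.168.1.200 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=2192 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=17
Jan  1 00:01:06 TAPC kern.debug kernel: [   73.720000] icmp_postrouting IN= OUT=br0 SRC=72.64.140.50 DST=192.168.1.200 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=2192 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=17
Jan  1 00:01:11 TAPC kern.debug kernel: [   78.510000] icmp_forward IN=eth0 OUT=br0 MAC=e0:46:9a:41:75:7e:00:0c:29:51:5b:9f:08:00 SRC=72.64.140.50 DST=192.168.1.200 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=2193 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=18
"""

ENTRY = re.compile(r"kernel: \[\s*([\d.]+)\]\s+(\S+)\s+(IN=.*)$")
FIELD = re.compile(r"(\w+)=(\S*)")

def parse_entry(line):
    """Return the KEY=value fields of one LOG entry, or None if not one."""
    m = ENTRY.search(line)
    if not m:
        return None
    fields = {"TIME": float(m.group(1)), "PREFIX": m.group(2)}
    for key, value in FIELD.findall(m.group(3)):
        # For ICMP echo, LOG prints ID= twice: the IP ID, then the echo ID.
        if key == "ID" and "ID" in fields:
            key = "ICMP_ID"
        fields[key] = value
    return fields

def trace(log_text):
    """Map (SRC, IP ID) -> ordered list of (prefix, IN, OUT, DST, TTL)."""
    packets = defaultdict(list)
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e:
            packets[(e["SRC"], int(e["ID"]))].append(
                (e["PREFIX"], e["IN"], e["OUT"], e["DST"], int(e["TTL"])))
    return dict(packets)

if __name__ == "__main__":
    for (src, ip_id), hops in trace(SAMPLE).items():
        print(f"{src} IP-ID {ip_id}:")
        for prefix, dev_in, dev_out, dst, ttl in hops:
            print(f"  {prefix:17} in={dev_in or '-':5} out={dev_out or '-':4} dst={dst} ttl={ttl}")
```

The nat-table prefixes appear only for the first packet because the nat table is consulted once per connection-tracking entry; later packets of the same flow reuse that mapping and show up only in the filter chains.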