Re: Why isn't DNAT happening for host-originated packets?

Actually, the inbound path still looks strange to me.  Here's a
concrete example:

A packet originates on the host and travels outbound without
modification [2], exactly as you say.

Now, because the source and destination are the same, it's returning inbound.

   The packet:   src=173.233.67.174:59748   dst=173.233.67.174:25

According to my trace [1], here is the path it takes:

   raw:PREROUTING
   mangle:PREROUTING
   mangle:INPUT
   filter:INPUT
   local process

However, the diagram shows nat:PREROUTING between mangle:PREROUTING
and mangle:INPUT.

Why doesn't my packet do that?

Thanks again, this has been very enlightening.

     - Scott


[1] the inbound path doesn't match the diagram, starting at "(start)":

Dec 3 14:03:43 ex kernel: TRACE: raw:PREROUTING:rule:2 IN=lo OUT=
MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=173.233.67.174
DST=173.233.67.174 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=63334 DF
PROTO=TCP SPT=59748 DPT=25 SEQ=2002582068 ACK=0 WINDOW=43690 RES=0x00
SYN URGP=0 OPT (0204FFD70402080A027F0D520000000001030307)
Dec 3 14:03:43 ex kernel: TRACE: raw:PREROUTING:policy:3 IN=lo OUT=
MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=173.233.67.174
DST=173.233.67.174 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=63334 DF
PROTO=TCP SPT=59748 DPT=25 SEQ=2002582068 ACK=0 WINDOW=43690 RES=0x00
SYN URGP=0 OPT (0204FFD70402080A027F0D520000000001030307)
Dec 3 14:03:43 ex kernel: TRACE: mangle:PREROUTING:policy:1 IN=lo OUT=
MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=173.233.67.174
DST=173.233.67.174 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=63334 DF
PROTO=TCP SPT=59748 DPT=25 SEQ=2002582068 ACK=0 WINDOW=43690 RES=0x00
SYN URGP=0 OPT (0204FFD70402080A027F0D520000000001030307)
Dec 3 14:03:43 ex kernel: TRACE: mangle:INPUT:policy:1 IN=lo OUT=
MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=173.233.67.174
DST=173.233.67.174 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=63334 DF
PROTO=TCP SPT=59748 DPT=25 SEQ=2002582068 ACK=0 WINDOW=43690 RES=0x00
SYN URGP=0 OPT (0204FFD70402080A027F0D520000000001030307)
Dec 3 14:03:43 ex kernel: TRACE: filter:INPUT:policy:5 IN=lo OUT=
MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=173.233.67.174
DST=173.233.67.174 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=63334 DF
PROTO=TCP SPT=59748 DPT=25 SEQ=2002582068 ACK=0 WINDOW=43690 RES=0x00
SYN URGP=0 OPT (0204FFD70402080A027F0D520000000001030307)



[2]: the outbound path exactly matches the diagram, starting at "local process":

Dec 3 14:03:43 ex kernel: TRACE: raw:OUTPUT:rule:1 IN= OUT=lo
SRC=173.233.67.174 DST=173.233.67.174 LEN=60 TOS=0x00 PREC=0x00 TTL=64
ID=63334 DF PROTO=TCP SPT=59748 DPT=25 SEQ=2002582068 ACK=0
WINDOW=43690 RES=0x00 SYN URGP=0 OPT
(0204FFD70402080A027F0D520000000001030307) UID=0 GID=0
Dec 3 14:03:43 ex kernel: TRACE: raw:OUTPUT:policy:3 IN= OUT=lo
SRC=173.233.67.174 DST=173.233.67.174 LEN=60 TOS=0x00 PREC=0x00 TTL=64
ID=63334 DF PROTO=TCP SPT=59748 DPT=25 SEQ=2002582068 ACK=0
WINDOW=43690 RES=0x00 SYN URGP=0 OPT
(0204FFD70402080A027F0D520000000001030307) UID=0 GID=0
Dec 3 14:03:43 ex kernel: TRACE: mangle:OUTPUT:policy:1 IN= OUT=lo
SRC=173.233.67.174 DST=173.233.67.174 LEN=60 TOS=0x00 PREC=0x00 TTL=64
ID=63334 DF PROTO=TCP SPT=59748 DPT=25 SEQ=2002582068 ACK=0
WINDOW=43690 RES=0x00 SYN URGP=0 OPT
(0204FFD70402080A027F0D520000000001030307) UID=0 GID=0
Dec 3 14:03:43 ex kernel: TRACE: nat:OUTPUT:policy:1 IN= OUT=lo
SRC=173.233.67.174 DST=173.233.67.174 LEN=60 TOS=0x00 PREC=0x00 TTL=64
ID=63334 DF PROTO=TCP SPT=59748 DPT=25 SEQ=2002582068 ACK=0
WINDOW=43690 RES=0x00 SYN URGP=0 OPT
(0204FFD70402080A027F0D520000000001030307) UID=0 GID=0
Dec 3 14:03:43 ex kernel: TRACE: filter:OUTPUT:policy:2 IN= OUT=lo
SRC=173.233.67.174 DST=173.233.67.174 LEN=60 TOS=0x00 PREC=0x00 TTL=64
ID=63334 DF PROTO=TCP SPT=59748 DPT=25 SEQ=2002582068 ACK=0
WINDOW=43690 RES=0x00 SYN URGP=0 OPT
(0204FFD70402080A027F0D520000000001030307) UID=0 GID=0
Dec 3 14:03:43 ex kernel: TRACE: mangle:POSTROUTING:policy:2 IN=
OUT=lo SRC=173.233.67.174 DST=173.233.67.174 LEN=60 TOS=0x00 PREC=0x00
TTL=64 ID=63334 DF PROTO=TCP SPT=59748 DPT=25 SEQ=2002582068 ACK=0
WINDOW=43690 RES=0x00 SYN URGP=0 OPT
(0204FFD70402080A027F0D520000000001030307) UID=0 GID=0
Dec 3 14:03:43 ex kernel: TRACE: nat:POSTROUTING:policy:6 IN= OUT=lo
SRC=173.233.67.174 DST=173.233.67.174 LEN=60 TOS=0x00 PREC=0x00 TTL=64
ID=63334 DF PROTO=TCP SPT=59748 DPT=25 SEQ=2002582068 ACK=0
WINDOW=43690 RES=0x00 SYN URGP=0 OPT
(0204FFD70402080A027F0D520000000001030307) UID=0 GID=0
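
Added example, not part of the original post: a Python script that reduces TRACE lines like those in [1] and [2] to the ordered table:chain path per packet and lists the hooks the cited diagram predicts but the trace never shows. The sample lines are constructed from the post's trace with unused fields dropped; `EXPECTED`, `hook_paths` and `audit` are names chosen here, and only locally generated or locally delivered TCP/UDP packets are assumed.

```python
import re

TRACE_RE = re.compile(r"TRACE: (\w+):(\w+):(?:rule|policy|return):\d+ (.*)")

# Hook order the post cites: outbound as traced in [2], inbound as drawn in the diagram.
EXPECTED = {
    "outbound": ["raw:OUTPUT", "mangle:OUTPUT", "nat:OUTPUT", "filter:OUTPUT",
                 "mangle:POSTROUTING", "nat:POSTROUTING"],
    "inbound": ["raw:PREROUTING", "mangle:PREROUTING", "nat:PREROUTING",
                "mangle:INPUT", "filter:INPUT"],
}

def line_for(hook, iface_in, iface_out):
    # Constructed sample line: the post's TRACE entries with unused fields dropped.
    return (f"Dec 3 14:03:43 ex kernel: TRACE: {hook} IN={iface_in} OUT={iface_out} "
            "SRC=173.233.67.174 DST=173.233.67.174 ID=63334 PROTO=TCP SPT=59748 DPT=25")

OUT_HOOKS = ("raw:OUTPUT:rule:1 raw:OUTPUT:policy:3 mangle:OUTPUT:policy:1 "
             "nat:OUTPUT:policy:1 filter:OUTPUT:policy:2 "
             "mangle:POSTROUTING:policy:2 nat:POSTROUTING:policy:6").split()
IN_HOOKS = ("raw:PREROUTING:rule:2 raw:PREROUTING:policy:3 mangle:PREROUTING:policy:1 "
            "mangle:INPUT:policy:1 filter:INPUT:policy:5").split()
SAMPLE = [line_for(h, "", "lo") for h in OUT_HOOKS] + [line_for(h, "lo", "") for h in IN_HOOKS]

def hook_paths(lines):
    """Return {(direction, src, dst, ip_id): [table:chain, ...]} in traversal order."""
    paths = {}
    for line in lines:
        m = TRACE_RE.search(line)
        if not m:
            continue  # not a TRACE entry
        table, chain, rest = m.groups()
        f = dict(kv.split("=", 1) for kv in rest.split() if "=" in kv)
        # IN= is empty on the OUTPUT/POSTROUTING side and set on PREROUTING/INPUT.
        direction = "inbound" if f.get("IN") else "outbound"
        key = (direction, f"{f.get('SRC')}:{f.get('SPT')}",
               f"{f.get('DST')}:{f.get('DPT')}", f.get("ID"))
        path = paths.setdefault(key, [])
        if f"{table}:{chain}" not in path:  # several rules in one chain log several lines
            path.append(f"{table}:{chain}")
    return paths

def audit(lines):
    """Map each traced packet to the expected hooks it never traversed."""
    return {key: [h for h in EXPECTED[key[0]] if h not in path]
            for key, path in hook_paths(lines).items()}

if __name__ == "__main__":
    for key, missing in audit(SAMPLE).items():
        print(key, "missing:", missing or "none")
```

A hook reported as missing means rules in that chain, DNAT or REDIRECT included, never evaluated the packet; the nat table is only consulted for the packet that sets up a connection's mapping.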