Hi all!
I want to change the source of all outgoing packets on port 5000 to 0.0.0.0 (even though my NIC is configured with a correct IP address). What's the way to do it? Best would be if I could do it from within my application (written in C). My solution now is iptables:
But the problem with the above line is that it only seems to change packets addressed to the broadcast address (255.255.255.255) which seems very odd to me? Can anyone see why??? I want unicast packets to be changed too...
Are you sure that no other rule in the POSTROUTE chain or any other chain sends the packet to another terminal target (stopping the check)?
Walk through all chains, rules and policies using this schema: http://iptables-tutorial.frozentux.n...ERSINGOFTABLES
You can also let iptables show the hit count for every rule and policy to see if the packets reach the proper targets.
hi!
All chains are empty and all chains have the policy ACCEPT. I have also done
iptables -t {nat, mangle, filter} -F
and then
iptables -t nat -A POSTROUTING -p udp --dport 5000 -j SNAT --to 0.0.0.0
I have found out that it seems that if the first UDP packet is a broadcast the source will be set to 0.0.0.0 but it also causes the other packets to not hit my NAT-rule, which seems to be strange to me???
If I let the first packet also be unicast, that packet and the following packets will get their source set to 0.0.0.0??? (but I want the first packet to be broadcast)
/Rickard
Last edited by rickthemick; 11-03-2004 at 05:51 AM.
Note that, as we have said before, only the first packet in a stream will hit this chain. After this, the rest of the packets will automatically have the same action taken on them as the first packet.
But to me this says that it should indeed work and also the unicast packets should get the src set to 0.0.0.0!?
/Rick
Last edited by rickthemick; 11-03-2004 at 11:58 AM.
-> Is there any other way around this problem to set the source address to 0.0.0.0? (How does DHCP accomplish this?)
-> Any iptables gurus who can see what's going wrong for me?
I'm trying to do quite a similar thing to what DHCP does. More specifically, I'm testing how to implement a Mobile IPv4 prototype, and this requires a visiting node to talk to a foreign agent (FA) on a foreign network to get its FA-COA (Care-Of-Address).
The FA will, for example, not receive any packets if they have the source of the mobile node's home address, which could be anything. So, if I set it to 0.0.0.0, the FA will accept the packet (e.g. the first broadcast - solicitation), and then reply with an advertisement.
So again, I need to set the source to 0.0.0.0, or is there any other and better solution to get the nodes to communicate? I would feel terrible to have to give up on this now...
So you let the FA-COA forward the request to your FA?
Why then use IP 0.0.0.0 and not 255.255.255.255?
I'm not completely sure I follow. I still think that IP 0.0.0.0 is not a valid IP to use. What would be the netmask you use with that IP?
If I have understood it right, then I think that forwarding to IP 255.255.255.255 instead of 0.0.0.0 would be the way to go.
Quote:
So you let the FA-COA forward the request to your FA?
FA-COA is an IP address. More specifically, it is the address of the global interface of the FA which is assigned to each visiting mobile node (MN), so the HA knows where to put its tunnel end point.
Quote:
Why then use IP 0.0.0.0 and not 255.255.255.255?
I hope you mean as source address. I don't really see the difference and I believe setting the source to 0.0.0.0 is ok since DHCP also does this.
Quote:
I'm not completely sure I follow. I still think that IP 0.0.0.0 is not a valid IP to use. What would be the netmask you use with that IP?
I think that there is nothing like a netmask in an IPv4 packet, as far as I know. The receiving host that gets a packet with src 0.0.0.0 will accept it if the destination address is 255.255.255.255; this fact is used by DHCP and I use it now.
Quote:
If I have understood it right, then I think that forwarding to IP 255.255.255.255 instead of 0.0.0.0 would be the way to go.
Yes, I have never wanted to send packets to 0.0.0.0, my wish has been to set the source to 0.0.0.0.
The whole thing seems to work now in my implementation, I don't really know why, which doesn't feel 100% ok... but anyway I get the source to 0.0.0.0 and MIPv4 is up and running! Thanks for your time and interest in this thread. I will discuss it more if there are more responses, but my problem seems to be solved for now.
I think there should be a library for doing iptables stuff from within an application, is that correct? Any tutorials, tips? (Using system("iptables...") is quite ugly, isn't it?)
Last edited by rickthemick; 11-05-2004 at 07:44 AM.
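On the thread's two open questions (doing this from a C application, and how DHCP manages it), an added example that is not code from any poster: DHCP clients build the IP and UDP headers themselves and transmit through a packet socket, below the IP layer and therefore below NAT and connection tracking. A raw IP socket does not help here, because Linux fills in the source address when the header carries zero (see raw(7)). Assumptions: Linux, an Ethernet interface named by the caller, the same port used as source and destination, and the function names are hypothetical.

```c
/* Added example: IPv4/UDP datagram with source 0.0.0.0, sent below the IP layer. */
#include <arpa/inet.h>
#include <linux/if_packet.h>
#include <net/ethernet.h>
#include <net/if.h>
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* RFC 1071 one's-complement checksum over an even-length header. */
static uint16_t ip_checksum(const uint8_t *p, size_t len) {
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2) sum += (uint32_t)(p[i] << 8 | p[i + 1]);
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Writes IP+UDP headers and payload into buf; returns total length, 0 if it does not fit. */
size_t build_datagram(uint8_t *buf, size_t cap, uint16_t port,
                      const void *payload, uint16_t plen) {
    size_t total = 20 + 8 + (size_t)plen;
    if (cap < total || total > 0xffff) return 0;
    memset(buf, 0, 28);                        /* source 0.0.0.0 stays all-zero */
    buf[0] = 0x45;                             /* IPv4, 5-word header */
    buf[2] = (uint8_t)(total >> 8); buf[3] = (uint8_t)total;
    buf[8] = 64;                               /* TTL */
    buf[9] = 17;                               /* protocol: UDP */
    memset(buf + 16, 0xff, 4);                 /* destination 255.255.255.255 */
    uint16_t c = ip_checksum(buf, 20);
    buf[10] = (uint8_t)(c >> 8); buf[11] = (uint8_t)c;
    buf[20] = buf[22] = (uint8_t)(port >> 8);  /* source port = destination port */
    buf[21] = buf[23] = (uint8_t)port;
    buf[24] = (uint8_t)((8 + plen) >> 8); buf[25] = (uint8_t)(8 + plen);
    /* UDP checksum left 0, meaning "not computed", which IPv4 permits */
    memcpy(buf + 28, payload, plen);
    return total;
}

/* Sends the datagram as a link-layer broadcast on ifname; needs CAP_NET_RAW. */
int send_broadcast(const char *ifname, const uint8_t *dgram, size_t len) {
    struct sockaddr_ll to = { .sll_family = AF_PACKET, .sll_protocol = htons(ETH_P_IP),
                              .sll_ifindex = (int)if_nametoindex(ifname), .sll_halen = 6 };
    memset(to.sll_addr, 0xff, 6);              /* ff:ff:ff:ff:ff:ff */
    int fd = socket(AF_PACKET, SOCK_DGRAM, htons(ETH_P_IP));
    if (fd < 0) return -1;
    ssize_t n = sendto(fd, dgram, len, 0, (struct sockaddr *)&to, sizeof to);
    close(fd);
    return n == (ssize_t)len ? 0 : -1;
}
```

Replies from the agent have to be read the same way or through a UDP socket bound to INADDR_ANY, since the interface may not yet hold an address the peer would answer to.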