LinuxQuestions.org

routing + iptables + nfqueues (https://www.linuxquestions.org/questions/linux-software-2/routing-iptables-nfqueues-928385/)

abutkus 02-08-2012 06:36 PM

routing + iptables + nfqueues
 
Hi All,

long time lurker, recent poster.

I'm currently trying to set up a network in the following configuration:

a:
192.168.0.19 : 255.255.255.0
default gateway: 192.168.0.15
Box a has a web browser

b:
eth0 : 192.168.0.15 : 255.255.255.0
eth1 : 10.5.0.2 : 255.255.255.0
Box b has some netfilter code I wrote and some iptables additions

c:
10.5.0.3 : 255.255.255.0
default gateway: 10.5.0.2
Box C has a web server

On box b there are 2 network cards.

On box b I am trying to intercept HTTP traffic from box a going to box c.

On box a I have tried to ping box c but get no destination, and vice versa.

When I enable IP forwarding (sudo sysctl net.ipv4.ip_forward=1), the ping now works, but my filter on box b doesn't seem to work (it seems like anything I do with iptables is ignored). I would expect anything going from box a to box c to be logged in my interceptor, but alas it's not...

On box b I can start up a web browser and my filter works fine...


I can only assume that the IP forwarding is bypassing the network filter and automatically forwarding on packets.

How would I get box a to see box c without using IP forwarding? Do I need to set up routes?

I've been looking but haven't found many good examples of getting routing working well...

abutkus 02-08-2012 06:41 PM

As some additional info, I am using:

iptables -A OUTPUT -p tcp -j NFQUEUE -d 10.5.0.3 --dport 80 --queue-num 0

which effectively filters all traffic to 10.5.0.3 on port 80 into my program, where I can see it.

As I said, this all works fine if I browse on box b, but on box a it's ignored with IP forwarding enabled...

abutkus 02-09-2012 09:21 AM

I resolved the issue.

For those facing similar problems:

i changed to this:
iptables -A FORWARD -p tcp -j NFQUEUE -d 10.5.0.3 --dport 80 --queue-num 0

Basically, I changed OUTPUT to FORWARD, as the gateway forwards the packets to box c rather than outputting them when box b is used as a gateway.
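For the gateway setup the thread ends with, here is an added example (not the poster's own filter program, which the thread does not show) of the userspace side of that NFQUEUE rule: a handler bound to queue 0 that decodes each forwarded IPv4/TCP packet, logs the HTTP request line and Host header, and accepts it. It assumes the python NetfilterQueue binding and the FORWARD rule from the resolution above; since the chain is chosen by the iptables rule and not by the program, this same handler sees box b's own browser traffic when the rule sits in OUTPUT and box a's forwarded traffic when it sits in FORWARD. build_packet only constructs a sample packet so the decoder can be exercised offline.

```python
import socket
import struct

def parse_http_request(packet):
    """Return (src, dst, dport, request_line, host) for an IPv4/TCP HTTP request, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != 6 or len(packet) < ihl + 20:  # not TCP, or truncated
        return None
    src, dst = socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20])
    tcp = packet[ihl:]
    dport = struct.unpack("!H", tcp[2:4])[0]
    payload = tcp[(tcp[12] >> 4) * 4:]  # skip TCP header (data offset in 32-bit words)
    line, _, rest = payload.partition(b"\r\n")
    parts = line.split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/"):
        return None  # empty segment, ACK-only, or not an HTTP request line
    host = None
    for hdr in rest.split(b"\r\n"):
        if hdr.lower().startswith(b"host:"):
            host = hdr[5:].strip().decode("ascii", "replace")
            break
    return src, dst, dport, line.decode("ascii", "replace"), host

def build_packet(src, dst, dport, payload):
    """Constructed IPv4+TCP sample packet (checksums left zero) for offline testing."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0x4000, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    return ip + tcp + payload

def main():
    # Needs root and the NetfilterQueue package (pip install NetfilterQueue), so imported here only.
    from netfilterqueue import NetfilterQueue
    def handle(pkt):
        info = parse_http_request(pkt.get_payload())
        if info:
            print("%s -> %s:%d  %s  Host=%s" % info)
        pkt.accept()  # always give a verdict: a queued packet with no verdict stalls the flow
    nfq = NetfilterQueue()
    nfq.bind(0, handle)  # queue 0 = --queue-num 0 in the FORWARD rule on box b
    try:
        nfq.run()
    finally:
        nfq.unbind()

if __name__ == "__main__":
    main()
```

While this program is not running, packets matched by the NFQUEUE rule are dropped rather than forwarded, unless the rule also carries --queue-bypass.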

