Old 02-08-2012, 07:36 PM   #1
LQ Newbie
Registered: Feb 2012
Posts: 3

Rep: Reputation: Disabled
routing + iptables + nfqueues

Hi All,

Long time lurker, recent poster.

I'm currently trying to set up a network in the following configuration:

a: :
default gateway:
Box a has a web browser

eth0 : :
eth1 : :
Box b has some net filter code I wrote and some iptables additions

c: :
default gateway:
Box C has a web server

On box b there are 2 network cards.

On box b I am trying to intercept HTTP traffic from box a going to box c.

On box a I have tried to ping box c but get no destination, and vice versa.

When I enable IP forwarding (sudo sysctl net.ipv4.ip_forward=1), the ping now works, but my filter on box b doesn't seem to work (it seems like anything I do with iptables is ignored). I would expect anything going from box a to box c to be logged in my interceptor, but alas it's not ...

On box b I can start up a web browser and my filter works fine ...

I can only assume that the IP forwarding is bypassing the network filter and automatically forwarding on packets.

How would I get box a to see box c without using IP forwarding? Do I need to set up routes?

I've been looking but haven't found many good examples to get routing working well ...
Old 02-08-2012, 07:41 PM   #2
LQ Newbie
Registered: Feb 2012
Posts: 3

Original Poster
Rep: Reputation: Disabled
As some additional info, I am using:

iptables -A OUTPUT -p tcp -j NFQUEUE -d --dport 80 --queue-num 0

which is effectively filtering all traffic to on port 80 into my program where I can see it.

As I said, this all works fine if I browse on box b, but on box a it's ignored with IP forwarding enabled ...
Old 02-09-2012, 10:21 AM   #3
LQ Newbie
Registered: Feb 2012
Posts: 3

Original Poster
Rep: Reputation: Disabled
I resolved the issue.

For those facing similar problems:

I changed to this:
iptables -A FORWARD -p tcp -j NFQUEUE -d --dport 80 --queue-num 0

Basically I changed OUTPUT to FORWARD, as the gateway forwards the packets to box c rather than outputs when using box b as a gateway.
1 members found this post helpful.
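
The chain selection behind this fix, as an added example that is not part of the original thread: a small Python model of which filter-table chain a packet traverses on box b, and whether an NFQUEUE rule in OUTPUT or FORWARD sees it. The addresses are constructed documentation-range values (the thread's own addresses are missing), the helper names are hypothetical, and a default ACCEPT policy is assumed.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int

@dataclass(frozen=True)
class Rule:
    chain: str
    proto: str
    dst: str      # single address or CIDR, as given to -d
    dport: int
    target: str

# Constructed sample topology: box b is the gateway with two interfaces.
BOX_A, BOX_C = "192.0.2.10", "198.51.100.10"
BOX_B = {"192.0.2.1", "198.51.100.1"}
OUTPUT_RULE = Rule("OUTPUT", "tcp", BOX_C, 80, "NFQUEUE 0")
FORWARD_RULE = Rule("FORWARD", "tcp", BOX_C, 80, "NFQUEUE 0")

def filter_chain(local_addrs, ip_forward, pkt):
    """Filter-table chain the packet traverses on this host, or None if dropped."""
    if pkt.src in local_addrs:
        return "OUTPUT"    # generated by a local process (simplified test)
    if pkt.dst in local_addrs:
        return "INPUT"     # addressed to this host
    # Transit traffic is routed only when net.ipv4.ip_forward=1.
    return "FORWARD" if ip_forward else None

def verdict(rules, local_addrs, ip_forward, pkt):
    """Target of the first matching rule in the chain the packet actually hits."""
    chain = filter_chain(local_addrs, ip_forward, pkt)
    if chain is None:
        return "DROPPED (ip_forward=0)"
    for r in rules:
        if (r.chain == chain and r.proto == pkt.proto and r.dport == pkt.dport
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(r.dst)):
            return r.target
    return "ACCEPT"        # assumed default policy

if __name__ == "__main__":
    routed = Packet(BOX_A, BOX_C, "tcp", 80)            # browser on box a
    local = Packet("198.51.100.1", BOX_C, "tcp", 80)    # browser on box b
    print("OUTPUT rule, local :", verdict([OUTPUT_RULE], BOX_B, True, local))
    print("OUTPUT rule, routed:", verdict([OUTPUT_RULE], BOX_B, True, routed))
    print("FORWARD rule, routed:", verdict([FORWARD_RULE], BOX_B, True, routed))
    print("forwarding off      :", verdict([FORWARD_RULE], BOX_B, False, routed))
```

On a real gateway the per-rule packet counters from `iptables -L -v -n` show the same thing: the OUTPUT rule's counter does not move for routed traffic, while the FORWARD rule's counter does.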

