* trying to duplicate udp packets destined for port 67 to port 6767 on same host
@ 2019-12-10  3:22 Mike
  2019-12-18  6:04 ` Duncan Roe
  0 siblings, 1 reply; 2+ messages in thread
From: Mike @ 2019-12-10  3:22 UTC (permalink / raw)
  To: netfilter

I have a DHCP server on a host but also want to run openHAB which has 
the ability to listen on port 6767 for DHCP requests. The docs say to 
execute the following commands to replicate the packets on to port 6767:

iptables -A PREROUTING -t mangle -p udp ! -s 127.0.0.1 --dport 67 -j TEE --gateway 127.0.0.1
iptables -A OUTPUT -t nat -p udp -s 127.0.0.1/32 --dport 67 -j DNAT --to 127.0.0.1:6767

When I do this though, I see the mangle rule packet count start to 
skyrocket and the nat rule never sees any packets. When I try a slight 
variation below, I prevent the skyrocketing packet count but the nat 
rule still never kicks in.

iptables -A PREROUTING -t mangle -p udp ! -i lo --dport 67 -j TEE --gateway 127.0.0.1

I have tried various combinations of ip_forward and route_localnet.

I hope this is the right mailing list and someone could offer some help. 
I can provide nf trace logs if needed, or any other kind of info.

Thanks,

Mike



* Re: trying to duplicate udp packets destined for port 67 to port 6767 on same host
  2019-12-10  3:22 trying to duplicate udp packets destined for port 67 to port 6767 on same host Mike
@ 2019-12-18  6:04 ` Duncan Roe
  0 siblings, 0 replies; 2+ messages in thread
From: Duncan Roe @ 2019-12-18  6:04 UTC (permalink / raw)
  To: Mike; +Cc: Netfilter, Netfilter Development

Hi Mike,

On Mon, Dec 09, 2019 at 09:22:30PM -0600, Mike wrote:
> I have a DHCP server on a host but also want to run openHAB which has the
> ability to listen on port 6767 for DHCP requests. The docs say to execute
> the following commands to replicate the packets on to port 6767:
>
> iptables -A PREROUTING -t mangle -p udp ! -s 127.0.0.1 --dport 67 -j TEE --gateway 127.0.0.1
> iptables -A OUTPUT -t nat -p udp -s 127.0.0.1/32 --dport 67 -j DNAT --to 127.0.0.1:6767
>
> When I do this though, I see the mangle rule packet count start to skyrocket
> and the nat rule never sees any packets. When I try a slight variation
> below, I prevent the skyrocketing packet count but the nat rule still never
> kicks in.
>
> iptables -A PREROUTING -t mangle -p udp ! -i lo --dport 67 -j TEE --gateway 127.0.0.1
>
> I have tried various combinations of ip_forward and route_localnet.
>
> I hope this is the right mailing list and someone could offer some help. I
> can provide nf trace logs if needed, or any other kind of info.
>
> Thanks,
>
> Mike
>
You should be able to achieve this using the NFQUEUE target. Your nfq
application opens a udp socket to port 6767 and duplicates incoming packets to
port DHCP to this socket, using regular sendto() calls. Then it accepts the
packet, so DHCP gets to see it.

Cheers ... Duncan.
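
The NFQUEUE approach suggested in the reply above, as an added example that is not code from the thread or from either poster. It assumes the third-party NetfilterQueue Python binding and a queueing rule as shown in the run() docstring; the function names and the sample packet are constructed for illustration.

```python
import socket
import struct

DHCP_PORT, COPY_PORT = 67, 6767  # ports named in the thread

def udp_payload(ip_packet, dport=DHCP_PORT):
    """UDP payload of a raw IPv4 packet (what NFQUEUE hands over) sent to dport, else None."""
    if len(ip_packet) < 20 or ip_packet[0] >> 4 != 4:
        return None
    ihl = (ip_packet[0] & 0x0F) * 4
    frag_off = struct.unpack_from("!H", ip_packet, 6)[0] & 0x1FFF
    if ihl < 20 or ip_packet[9] != socket.IPPROTO_UDP or frag_off:
        return None  # not UDP, or a later fragment with no UDP header
    if len(ip_packet) < ihl + 8:
        return None
    _sport, port, ulen, _csum = struct.unpack_from("!HHHH", ip_packet, ihl)
    if port != dport or ulen < 8 or ihl + ulen > len(ip_packet):
        return None  # wrong port, or a length field that lies about the data
    return ip_packet[ihl + 8:ihl + ulen]

def duplicate(ip_packet, sock, dest=("127.0.0.1", COPY_PORT)):
    """sendto() a copy of a port-67 payload to dest; True if a copy was sent."""
    payload = udp_payload(ip_packet)
    if payload is None:
        return False
    sock.sendto(payload, dest)
    return True

def sample_packet(payload=b"constructed-dhcp-body", dport=DHCP_PORT):
    """Constructed test input: minimal IPv4+UDP broadcast from client port 68."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28 + len(payload), 0, 0, 64,
                     socket.IPPROTO_UDP, 0, bytes(4), b"\xff" * 4)
    return ip + struct.pack("!HHHH", 68, dport, 8 + len(payload), 0) + payload

def run(queue_num=0):
    """Assumes the third-party NetfilterQueue binding and a rule such as:
    iptables -t mangle -A PREROUTING -p udp --dport 67 -j NFQUEUE --queue-num 0 --queue-bypass"""
    from netfilterqueue import NetfilterQueue
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    def on_packet(pkt):
        try:
            duplicate(pkt.get_payload(), sock)
        except OSError:
            pass  # a failed copy must not block the real DHCP server
        finally:
            pkt.accept()  # original continues to port 67 unchanged
    nfq = NetfilterQueue()
    nfq.bind(queue_num, on_packet)
    nfq.run()
```

The copy is sent to port 6767, so it does not match the port-67 queueing rule and cannot loop. The listener on 6767 sees the copy arriving from the local socket's address rather than the original sender's; only the UDP payload is preserved.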
