* Iptables v1.4.4 + kernel 2.6.31 mangle marking changed?
From: Ralph de Boom @ 2009-11-04 0:49 UTC (permalink / raw)
To: netfilter
Hi there,
Excuse me if this email goes wrong; it's my first message to a
mailing list.
But here's my problem (and I hope you guys can shed some light on it for me...):
I originally ran Debian Lenny on kernel 2.6.18.
Since today I reinstalled it to Ubuntu Server 9.10 with kernel 2.6.31.
Now I used to do this in lenny:
iptables -t mangle -A PREROUTING -s 192.168.1.0/24 -d 81.4.97.0/24 -j
MARK --set-mark 0x1
This would cause the relevant packets to be marked 0x1, which in turn I
matched with an 'ip rule'.
My rules look like this:
ip rule show
0: from all lookup local
32760: from all fwmark 0x2 lookup upc
32761: from all fwmark 0x1 lookup xs4all
32762: from 192.168.1.XX lookup xs4all
32763: from 192.168.1.XX lookup upc
32764: from 24.132.104.XXX lookup upc
32765: from 192.168.2.XX lookup xs4all
32766: from all lookup main
32767: from all lookup default
And my 'xs4all' table looks like:
ip route show table xs4all
192.168.2.0/24 dev eth0 proto kernel scope link src 192.168.2.XX
default via 192.168.2.X dev eth0
I know the rule matches the packets I make:
iptables -t mangle -v -L
Chain PREROUTING (policy ACCEPT 3111K packets, 1861M bytes)
pkts bytes target prot opt in out source
destination
16 1100 MARK all -- any any 192.168.1.0/24
ip-space.by.proserve.nl/24 MARK xset 0x1/0xffffffff
But somehow the connection is never relayed over the xs4all table...
The changes I've noticed compared to lenny:
iptables now likes to mark my --set-mark 0x1 as a --set-xmark
0x1/0xffffffff
whereas in lenny it would stay a --set-mark 0x1
I would be very pleased if someone could help me in this matter.
Greetings,
Ralph de Boom
* Re: Iptables v1.4.4 + kernel 2.6.31 mangle marking changed?
From: Patrick McHardy @ 2009-11-04 11:16 UTC (permalink / raw)
To: Ralph de Boom; +Cc: netfilter
Ralph de Boom wrote:
> Hi there,
>
> Excuse me if this email might go wrong, it's my first message to a
> mailing list.
>
> But here's my problem: (And I hope you guys could shed light for me...)
>
> I originally ran Debian Lenny on kernel 2.6.18.
> Since today I reinstalled it to Ubuntu Server 9.10 with kernel 2.6.31.
>
> Now I used to do this in lenny:
>
> iptables -t mangle -A PREROUTING -s 192.168.1.0/24 -d 81.4.97.0/24 -j
> MARK --set-mark 0x1
>
> This would cause relevant packets to be marked 0x1, which in return I
> had a 'ip rule':
>
> my rules look like this:
>
> ip rule show
> 0: from all lookup local
> 32760: from all fwmark 0x2 lookup upc
> 32761: from all fwmark 0x1 lookup xs4all
> 32762: from 192.168.1.XX lookup xs4all
> 32763: from 192.168.1.XX lookup upc
> 32764: from 24.132.104.XXX lookup upc
> 32765: from 192.168.2.XX lookup xs4all
> 32766: from all lookup main
> 32767: from all lookup default
>
> And my 'xs4all' table looks like:
>
> ip route show table xs4all
> 192.168.2.0/24 dev eth0 proto kernel scope link src 192.168.2.XX
> default via 192.168.2.X dev eth0
>
>
> I know the rule matches the packets I make:
>
> iptables -t mangle -v -L
> Chain PREROUTING (policy ACCEPT 3111K packets, 1861M bytes)
> pkts bytes target prot opt in out source
> destination
> 16 1100 MARK all -- any any 192.168.1.0/24
> ip-space.by.proserve.nl/24 MARK xset 0x1/0xffffffff
>
> But somehow the connection is never relayed over the xs4all table...
>
> The changes I've noticed compared to lenny:
>
> iptables now likes to mark my --set-mark 0x1 as a --set-xmark
> 0x1/0xffffffff
> whereas in lenny it would stay a --set-mark 0x1
>
> Would be very pleased if someone could help me in this matter.
Please try adding a LOG rule directly after the marking rule and
see what it prints out for the MARK= value.
* Re: Iptables v1.4.4 + kernel 2.6.31 mangle marking changed?
From: Ralph de Boom @ 2009-11-04 13:15 UTC (permalink / raw)
To: Patrick McHardy; +Cc: netfilter
Patrick McHardy wrote:
> Ralph de Boom wrote:
>
>> Hi there,
>>
>> Excuse me if this email might go wrong, it's my first message to a
>> mailing list.
>>
>> But here's my problem: (And I hope you guys could shed light for me...)
>>
>> I originally ran Debian Lenny on kernel 2.6.18.
>> Since today I reinstalled it to Ubuntu Server 9.10 with kernel 2.6.31.
>>
>> Now I used to do this in lenny:
>>
>> iptables -t mangle -A PREROUTING -s 192.168.1.0/24 -d 81.4.97.0/24 -j
>> MARK --set-mark 0x1
>>
>> This would cause relevant packets to be marked 0x1, which in return I
>> had a 'ip rule':
>>
>> my rules look like this:
>>
>> ip rule show
>> 0: from all lookup local
>> 32760: from all fwmark 0x2 lookup upc
>> 32761: from all fwmark 0x1 lookup xs4all
>> 32762: from 192.168.1.XX lookup xs4all
>> 32763: from 192.168.1.XX lookup upc
>> 32764: from 24.132.104.XXX lookup upc
>> 32765: from 192.168.2.XX lookup xs4all
>> 32766: from all lookup main
>> 32767: from all lookup default
>>
>> And my 'xs4all' table looks like:
>>
>> ip route show table xs4all
>> 192.168.2.0/24 dev eth0 proto kernel scope link src 192.168.2.XX
>> default via 192.168.2.X dev eth0
>>
>>
>> I know the rule matches the packets I make:
>>
>> iptables -t mangle -v -L
>> Chain PREROUTING (policy ACCEPT 3111K packets, 1861M bytes)
>> pkts bytes target prot opt in out source
>> destination
>> 16 1100 MARK all -- any any 192.168.1.0/24
>> ip-space.by.proserve.nl/24 MARK xset 0x1/0xffffffff
>>
>> But somehow the connection is never relayed over the xs4all table...
>>
>> The changes I've noticed compared to lenny:
>>
>> iptables now likes to mark my --set-mark 0x1 as a --set-xmark
>> 0x1/0xffffffff
>> whereas in lenny it would stay a --set-mark 0x1
>>
>> Would be very pleased if someone could help me in this matter.
>>
>
> Please try adding a LOG rule directly after the marking rule and
> see what it prints out for the MARK= value.
>
>
First of all, thanks for helping me out!
Here's the info:
iptables -t mangle -v -L
Chain PREROUTING (policy ACCEPT 42M packets, 25G bytes)
pkts bytes target prot opt in out source
destination
362 84150 MARK all -- any any 192.168.1.0/24
ip-space.by.proserve.nl/24 MARK xset 0x1/0xffffffff
362 84150 LOG all -- any any 192.168.1.0/24
ip-space.by.proserve.nl/24 LOG level debug prefix `fwmark 0x1: '
kern.log:
Nov 4 14:12:58 sakura kernel: [52836.368503] fwmark 0x1: IN=eth1 OUT=
MAC=00:1b:21:2d:a9:fa:00:1b:21:32:99:5f:08:00 SRC=192.168.1.30
DST=81.4.97.200 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=9696 DF PROTO=TCP
SPT=61860 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 MARK=0x1
Nov 4 14:13:01 sakura kernel: [52839.368034] fwmark 0x1: IN=eth1 OUT=
MAC=00:1b:21:2d:a9:fa:00:1b:21:32:99:5f:08:00 SRC=192.168.1.30
DST=81.4.97.200 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=11490 DF PROTO=TCP
SPT=61860 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 MARK=0x1
Nov 4 14:13:07 sakura kernel: [52845.370049] fwmark 0x1: IN=eth1 OUT=
MAC=00:1b:21:2d:a9:fa:00:1b:21:32:99:5f:08:00 SRC=192.168.1.30
DST=81.4.97.200 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=15001 DF PROTO=TCP
SPT=61860 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 MARK=0x1
Thanks!
* Re: Iptables v1.4.4 + kernel 2.6.31 mangle marking changed?
From: Patrick McHardy @ 2009-11-04 14:10 UTC (permalink / raw)
To: Ralph de Boom; +Cc: netfilter
Ralph de Boom wrote:
> Patrick McHardy wrote:
>> Ralph de Boom wrote:
>>
>>> Hi there,
>>>
>>> Excuse me if this email might go wrong, it's my first message to a
>>> mailing list.
>>>
>>> But here's my problem: (And I hope you guys could shed light for me...)
>>>
>>> I originally ran Debian Lenny on kernel 2.6.18.
>>> Since today I reinstalled it to Ubuntu Server 9.10 with kernel 2.6.31.
>>>
>>> Now I used to do this in lenny:
>>>
>>> iptables -t mangle -A PREROUTING -s 192.168.1.0/24 -d 81.4.97.0/24 -j
>>> MARK --set-mark 0x1
>>>
>>> This would cause relevant packets to be marked 0x1, which in return I
>>> had a 'ip rule':
>>>
>>> my rules look like this:
>>>
>>> ip rule show
>>> 0: from all lookup local
>>> 32760: from all fwmark 0x2 lookup upc
>>> 32761: from all fwmark 0x1 lookup xs4all
>>> 32762: from 192.168.1.XX lookup xs4all
>>> 32763: from 192.168.1.XX lookup upc
>>> 32764: from 24.132.104.XXX lookup upc
>>> 32765: from 192.168.2.XX lookup xs4all
>>> 32766: from all lookup main
>>> 32767: from all lookup default
>>>
>>> And my 'xs4all' table looks like:
>>>
>>> ip route show table xs4all
>>> 192.168.2.0/24 dev eth0 proto kernel scope link src 192.168.2.XX
>>> default via 192.168.2.X dev eth0
>>>
>>>
>>> I know the rule matches the packets I make:
>>>
>>> iptables -t mangle -v -L
>>> Chain PREROUTING (policy ACCEPT 3111K packets, 1861M bytes)
>>> pkts bytes target prot opt in out source
>>> destination
>>> 16 1100 MARK all -- any any 192.168.1.0/24
>>> ip-space.by.proserve.nl/24 MARK xset 0x1/0xffffffff
>>>
>>> But somehow the connection is never relayed over the xs4all table...
>>>
>>> The changes I've noticed compared to lenny:
>>>
>>> iptables now likes to mark my --set-mark 0x1 as a --set-xmark
>>> 0x1/0xffffffff
>>> whereas in lenny it would stay a --set-mark 0x1
>>>
>>> Would be very pleased if someone could help me in this matter.
>>>
>>
>> Please try adding a LOG rule directly after the marking rule and
>> see what it prints out for the MARK= value.
>>
>>
> At first, thanks for helping me out!
>
> Here's the info:
>
> iptables -t mangle -v -L
> Chain PREROUTING (policy ACCEPT 42M packets, 25G bytes)
> pkts bytes target prot opt in out source
> destination
> 362 84150 MARK all -- any any 192.168.1.0/24
> ip-space.by.proserve.nl/24 MARK xset 0x1/0xffffffff
> 362 84150 LOG all -- any any 192.168.1.0/24
> ip-space.by.proserve.nl/24 LOG level debug prefix `fwmark 0x1: '
>
> kern.log:
> Nov 4 14:12:58 sakura kernel: [52836.368503] fwmark 0x1: IN=eth1 OUT=
> MAC=00:1b:21:2d:a9:fa:00:1b:21:32:99:5f:08:00 SRC=192.168.1.30
This looks fine, it also works properly for me. Perhaps the
packets are already delivered locally through the "local"
table. The TRACE target should be able to tell you more.
* Re: Iptables v1.4.4 + kernel 2.6.31 mangle marking changed?
From: Ralph de Boom @ 2009-11-04 15:53 UTC (permalink / raw)
To: Patrick McHardy; +Cc: netfilter
Patrick McHardy wrote:
> Ralph de Boom wrote:
>
>> Patrick McHardy wrote:
>>
>>> Ralph de Boom wrote:
>>>
>>>
>>>> Hi there,
>>>>
>>>> Excuse me if this email might go wrong, it's my first message to a
>>>> mailing list.
>>>>
>>>> But here's my problem: (And I hope you guys could shed light for me...)
>>>>
>>>> I originally ran Debian Lenny on kernel 2.6.18.
>>>> Since today I reinstalled it to Ubuntu Server 9.10 with kernel 2.6.31.
>>>>
>>>> Now I used to do this in lenny:
>>>>
>>>> iptables -t mangle -A PREROUTING -s 192.168.1.0/24 -d 81.4.97.0/24 -j
>>>> MARK --set-mark 0x1
>>>>
>>>> This would cause relevant packets to be marked 0x1, which in return I
>>>> had a 'ip rule':
>>>>
>>>> my rules look like this:
>>>>
>>>> ip rule show
>>>> 0: from all lookup local
>>>> 32760: from all fwmark 0x2 lookup upc
>>>> 32761: from all fwmark 0x1 lookup xs4all
>>>> 32762: from 192.168.1.XX lookup xs4all
>>>> 32763: from 192.168.1.XX lookup upc
>>>> 32764: from 24.132.104.XXX lookup upc
>>>> 32765: from 192.168.2.XX lookup xs4all
>>>> 32766: from all lookup main
>>>> 32767: from all lookup default
>>>>
>>>> And my 'xs4all' table looks like:
>>>>
>>>> ip route show table xs4all
>>>> 192.168.2.0/24 dev eth0 proto kernel scope link src 192.168.2.XX
>>>> default via 192.168.2.X dev eth0
>>>>
>>>>
>>>> I know the rule matches the packets I make:
>>>>
>>>> iptables -t mangle -v -L
>>>> Chain PREROUTING (policy ACCEPT 3111K packets, 1861M bytes)
>>>> pkts bytes target prot opt in out source
>>>> destination
>>>> 16 1100 MARK all -- any any 192.168.1.0/24
>>>> ip-space.by.proserve.nl/24 MARK xset 0x1/0xffffffff
>>>>
>>>> But somehow the connection is never relayed over the xs4all table...
>>>>
>>>> The changes I've noticed compared to lenny:
>>>>
>>>> iptables now likes to mark my --set-mark 0x1 as a --set-xmark
>>>> 0x1/0xffffffff
>>>> whereas in lenny it would stay a --set-mark 0x1
>>>>
>>>> Would be very pleased if someone could help me in this matter.
>>>>
>>>>
>>> Please try adding a LOG rule directly after the marking rule and
>>> see what it prints out for the MARK= value.
>>>
>>>
>>>
>> At first, thanks for helping me out!
>>
>> Here's the info:
>>
>> iptables -t mangle -v -L
>> Chain PREROUTING (policy ACCEPT 42M packets, 25G bytes)
>> pkts bytes target prot opt in out source
>> destination
>> 362 84150 MARK all -- any any 192.168.1.0/24
>> ip-space.by.proserve.nl/24 MARK xset 0x1/0xffffffff
>> 362 84150 LOG all -- any any 192.168.1.0/24
>> ip-space.by.proserve.nl/24 LOG level debug prefix `fwmark 0x1: '
>>
>> kern.log:
>> Nov 4 14:12:58 sakura kernel: [52836.368503] fwmark 0x1: IN=eth1 OUT=
>> MAC=00:1b:21:2d:a9:fa:00:1b:21:32:99:5f:08:00 SRC=192.168.1.30
>>
>
> This looks fine, it also works properly for me. Perhaps the
> packets are already delivered locally through the "local"
> table. The TRACE target should be able to tell you more.
>
Right, at this point you've lost me: how will I manage to do that, and
where does the information get stored?
* Re: Iptables v1.4.4 + kernel 2.6.31 mangle marking changed?
From: Richard Horton @ 2009-11-05 11:52 UTC (permalink / raw)
To: Ralph de Boom; +Cc: Patrick McHardy, netfilter
>
> Right, at this point you've lost me: how will I manage to do that, and where
> does the information get stored?
You will need to turn trace on...
iptables -A PREROUTING -t raw -j TRACE will turn tracing on for everything.
The information is then stored in the syslog as per your syslog
configuration - TRACE will show which rules etc. your packets have
encountered.
--
Richard Horton
Users are like a virus: Each causing a thousand tiny crises until the
host finally dies.
http://www.solstans.co.uk - Solstans Japanese Bobtails and Norwegian Forest Cats
http://www.pbase.com/arimus - My online photogallery
* Re: Iptables v1.4.4 + kernel 2.6.31 mangle marking changed?
From: Ralph de Boom @ 2009-11-05 17:53 UTC (permalink / raw)
To: Richard Horton; +Cc: Patrick McHardy, netfilter
Richard Horton wrote:
>> Right, at this point you've lost me: how will I manage to do that, and where
>> does the information get stored?
>>
>
> You will need to turn trace on...
> iptables -A PREROUTING -t raw -j TRACE will turn tracing on for everything.
>
> The information is then stored in the syslog as per your syslog
> configuration - TRACE will show which rules etc your packets have
> encountered.
>
>
OK, got that. Since kern.log gets majorly flooded, I grepped the output.
If needed, I can attach the whole log.
cat kern.log | grep 81.4.97.
Nov 5 18:48:14 sakura kernel: [ 194.028498] fwmark 0x1: IN=eth1 OUT=
MAC=00:1b:21:2d:a9:fa:00:1b:21:32:99:5f:08:00 SRC=192.168.1.30
DST=81.4.97.160 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=13005 DF PROTO=TCP
SPT=52436 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 MARK=0x1
Nov 5 18:48:14 sakura kernel: [ 194.028527] TRACE:
mangle:PREROUTING:policy:3 IN=eth1 OUT=
MAC=00:1b:21:2d:a9:fa:00:1b:21:32:99:5f:08:00 SRC=192.168.1.30
DST=81.4.97.160 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=13005 DF PROTO=TCP
SPT=52436 DPT=80 SEQ=2949910603 ACK=0 WINDOW=8192 RES=0x00 SYN URGP=0
OPT (0204116C01010402) MARK=0x1
Nov 5 18:48:14 sakura kernel: [ 194.028570] TRACE:
mangle:FORWARD:policy:1 IN=eth1 OUT=eth0 SRC=192.168.1.30
DST=81.4.97.160 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=13005 DF PROTO=TCP
SPT=52436 DPT=80 SEQ=2949910603 ACK=0 WINDOW=8192 RES=0x00 SYN URGP=0
OPT (0204116C01010402) MARK=0x1
Nov 5 18:48:14 sakura kernel: [ 194.028598] TRACE:
filter:FORWARD:rule:1 IN=eth1 OUT=eth0 SRC=192.168.1.30 DST=81.4.97.160
LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=13005 DF PROTO=TCP SPT=52436 DPT=80
SEQ=2949910603 ACK=0 WINDOW=8192 RES=0x00 SYN URGP=0 OPT
(0204116C01010402) MARK=0x1
Nov 5 18:48:14 sakura kernel: [ 194.028626] TRACE:
mangle:POSTROUTING:policy:1 IN= OUT=eth0 SRC=192.168.1.30
DST=81.4.97.160 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=13005 DF PROTO=TCP
SPT=52436 DPT=80 SEQ=2949910603 ACK=0 WINDOW=8192 RES=0x00 SYN URGP=0
OPT (0204116C01010402) MARK=0x1
Nov 5 18:48:14 sakura kernel: [ 194.149805] TRACE:
raw:PREROUTING:policy:2 IN=eth0 OUT=
MAC=00:50:bf:65:b7:c1:00:18:39:27:fc:5a:08:00 SRC=81.4.97.160
DST=192.168.2.40 LEN=48 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=TCP
SPT=80 DPT=52436 SEQ=3690844742 ACK=2949910604 WINDOW=5840 RES=0x00 ACK
SYN URGP=0 OPT (020405B401010402)
Nov 5 18:48:14 sakura kernel: [ 194.149861] TRACE:
mangle:PREROUTING:policy:3 IN=eth0 OUT=
MAC=00:50:bf:65:b7:c1:00:18:39:27:fc:5a:08:00 SRC=81.4.97.160
DST=192.168.2.40 LEN=48 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=TCP
SPT=80 DPT=52436 SEQ=3690844742 ACK=2949910604 WINDOW=5840 RES=0x00 ACK
SYN URGP=0 OPT (020405B401010402)
Nov 5 18:48:15 sakura kernel: [ 195.173980] TRACE:
raw:PREROUTING:policy:2 IN=eth0 OUT=
MAC=00:50:bf:65:b7:c1:00:18:39:27:fc:5a:08:00 SRC=81.4.97.160
DST=192.168.2.40 LEN=48 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=TCP
SPT=80 DPT=52436 SEQ=3690844742 ACK=2949910604 WINDOW=5840 RES=0x00 ACK
SYN URGP=0 OPT (020405B401010402)
Nov 5 18:48:15 sakura kernel: [ 195.174046] TRACE:
mangle:PREROUTING:policy:3 IN=eth0 OUT=
MAC=00:50:bf:65:b7:c1:00:18:39:27:fc:5a:08:00 SRC=81.4.97.160
DST=192.168.2.40 LEN=48 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=TCP
SPT=80 DPT=52436 SEQ=3690844742 ACK=2949910604 WINDOW=5840 RES=0x00 ACK
SYN URGP=0 OPT (020405B401010402)
Nov 5 18:48:27 sakura kernel: [ 207.173329] TRACE:
raw:PREROUTING:policy:2 IN=eth0 OUT=
MAC=00:50:bf:65:b7:c1:00:18:39:27:fc:5a:08:00 SRC=81.4.97.160
DST=192.168.2.40 LEN=48 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=TCP
SPT=80 DPT=52436 SEQ=3690844742 ACK=2949910604 WINDOW=5840 RES=0x00 ACK
SYN URGP=0 OPT (020405B401010402)
Nov 5 18:48:27 sakura kernel: [ 207.173394] TRACE:
mangle:PREROUTING:policy:3 IN=eth0 OUT=
MAC=00:50:bf:65:b7:c1:00:18:39:27:fc:5a:08:00 SRC=81.4.97.160
DST=192.168.2.40 LEN=48 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=TCP
SPT=80 DPT=52436 SEQ=3690844742 ACK=2949910604 WINDOW=5840 RES=0x00 ACK
SYN URGP=0 OPT (020405B401010402)
Nov 5 18:48:52 sakura kernel: [ 231.380824] TRACE:
raw:PREROUTING:policy:2 IN=eth0 OUT=
MAC=00:50:bf:65:b7:c1:00:18:39:27:fc:5a:08:00 SRC=81.4.97.160
DST=192.168.2.40 LEN=48 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=TCP
SPT=80 DPT=52436 SEQ=3690844742 ACK=2949910604 WINDOW=5840 RES=0x00 ACK
SYN URGP=0 OPT (020405B401010402)
Nov 5 18:48:52 sakura kernel: [ 231.380891] TRACE:
mangle:PREROUTING:policy:3 IN=eth0 OUT=
MAC=00:50:bf:65:b7:c1:00:18:39:27:fc:5a:08:00 SRC=81.4.97.160
DST=192.168.2.40 LEN=48 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=TCP
SPT=80 DPT=52436 SEQ=3690844742 ACK=2949910604 WINDOW=5840 RES=0x00 ACK
SYN URGP=0 OPT (020405B401010402)
Nov 5 18:49:40 sakura kernel: [ 279.579532] TRACE:
raw:PREROUTING:policy:2 IN=eth0 OUT=
MAC=00:50:bf:65:b7:c1:00:18:39:27:fc:5a:08:00 SRC=81.4.97.160
DST=192.168.2.40 LEN=48 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=TCP
SPT=80 DPT=52436 SEQ=3690844742 ACK=2949910604 WINDOW=5840 RES=0x00 ACK
SYN URGP=0 OPT (020405B401010402)
Nov 5 18:49:40 sakura kernel: [ 279.579591] TRACE:
mangle:PREROUTING:policy:3 IN=eth0 OUT=
MAC=00:50:bf:65:b7:c1:00:18:39:27:fc:5a:08:00 SRC=81.4.97.160
DST=192.168.2.40 LEN=48 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=TCP
SPT=80 DPT=52436 SEQ=3690844742 ACK=2949910604 WINDOW=5840 RES=0x00 ACK
SYN URGP=0 OPT (020405B401010402)
* Re: Iptables v1.4.4 + kernel 2.6.31 mangle marking changed?
From: Ralph de Boom @ 2009-11-10 17:34 UTC (permalink / raw)
To: Richard Horton; +Cc: Patrick McHardy, netfilter
Ralph de Boom wrote:
> Richard Horton wrote:
>>> Right, at this point you've lost me: how will I manage to do that,
>>> and where
>>> does the information get stored?
>>>
>>
>> You will need to turn trace on...
>> iptables -A PREROUTING -t raw -j TRACE will turn tracing on for
>> everything.
>>
>> The information is then stored in the syslog as per your syslog
>> configuration - TRACE will show which rules etc your packets have
>> encountered.
>>
>>
> Ok got that since kern.log will get majorly flooded I grepped the output.
> If needed I can attach the whole log?
>
> cat kern.log | grep 81.4.97.
>
> Nov 5 18:48:14 sakura kernel: [ 194.028498] fwmark 0x1: IN=eth1 OUT=
> MAC=00:1b:21:2d:a9:fa:00:1b:21:32:99:5f:08:00 SRC=192.168.1.30
> DST=81.4.97.160 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=13005 DF
> PROTO=TCP SPT=52436 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 MARK=0x1
> Nov 5 18:48:14 sakura kernel: [ 194.028527] TRACE:
> mangle:PREROUTING:policy:3 IN=eth1 OUT=
> MAC=00:1b:21:2d:a9:fa:00:1b:21:32:99:5f:08:00 SRC=192.168.1.30
> DST=81.4.97.160 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=13005 DF
> PROTO=TCP SPT=52436 DPT=80 SEQ=2949910603 ACK=0 WINDOW=8192 RES=0x00
> SYN URGP=0 OPT (0204116C01010402) MARK=0x1
> Nov 5 18:48:14 sakura kernel: [ 194.028570] TRACE:
> mangle:FORWARD:policy:1 IN=eth1 OUT=eth0 SRC=192.168.1.30
> DST=81.4.97.160 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=13005 DF
> PROTO=TCP SPT=52436 DPT=80 SEQ=2949910603 ACK=0 WINDOW=8192 RES=0x00
> SYN URGP=0 OPT (0204116C01010402) MARK=0x1
> Nov 5 18:48:14 sakura kernel: [ 194.028598] TRACE:
> filter:FORWARD:rule:1 IN=eth1 OUT=eth0 SRC=192.168.1.30
> DST=81.4.97.160 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=13005 DF
> PROTO=TCP SPT=52436 DPT=80 SEQ=2949910603 ACK=0 WINDOW=8192 RES=0x00
> SYN URGP=0 OPT (0204116C01010402) MARK=0x1
> Nov 5 18:48:14 sakura kernel: [ 194.028626] TRACE:
> mangle:POSTROUTING:policy:1 IN= OUT=eth0 SRC=192.168.1.30
> DST=81.4.97.160 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=13005 DF
> PROTO=TCP SPT=52436 DPT=80 SEQ=2949910603 ACK=0 WINDOW=8192 RES=0x00
> SYN URGP=0 OPT (0204116C01010402) MARK=0x1
> Nov 5 18:48:14 sakura kernel: [ 194.149805] TRACE:
> raw:PREROUTING:policy:2 IN=eth0 OUT=
> MAC=00:50:bf:65:b7:c1:00:18:39:27:fc:5a:08:00 SRC=81.4.97.160
> DST=192.168.2.40 LEN=48 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=TCP
> SPT=80 DPT=52436 SEQ=3690844742 ACK=2949910604 WINDOW=5840 RES=0x00
> ACK SYN URGP=0 OPT (020405B401010402)
> Nov 5 18:48:14 sakura kernel: [ 194.149861] TRACE:
> mangle:PREROUTING:policy:3 IN=eth0 OUT=
> MAC=00:50:bf:65:b7:c1:00:18:39:27:fc:5a:08:00 SRC=81.4.97.160
> DST=192.168.2.40 LEN=48 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=TCP
> SPT=80 DPT=52436 SEQ=3690844742 ACK=2949910604 WINDOW=5840 RES=0x00
> ACK SYN URGP=0 OPT (020405B401010402)
> Nov 5 18:48:15 sakura kernel: [ 195.173980] TRACE:
> raw:PREROUTING:policy:2 IN=eth0 OUT=
> MAC=00:50:bf:65:b7:c1:00:18:39:27:fc:5a:08:00 SRC=81.4.97.160
> DST=192.168.2.40 LEN=48 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=TCP
> SPT=80 DPT=52436 SEQ=3690844742 ACK=2949910604 WINDOW=5840 RES=0x00
> ACK SYN URGP=0 OPT (020405B401010402)
> Nov 5 18:48:15 sakura kernel: [ 195.174046] TRACE:
> mangle:PREROUTING:policy:3 IN=eth0 OUT=
> MAC=00:50:bf:65:b7:c1:00:18:39:27:fc:5a:08:00 SRC=81.4.97.160
> DST=192.168.2.40 LEN=48 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=TCP
> SPT=80 DPT=52436 SEQ=3690844742 ACK=2949910604 WINDOW=5840 RES=0x00
> ACK SYN URGP=0 OPT (020405B401010402)
> Nov 5 18:48:27 sakura kernel: [ 207.173329] TRACE:
> raw:PREROUTING:policy:2 IN=eth0 OUT=
> MAC=00:50:bf:65:b7:c1:00:18:39:27:fc:5a:08:00 SRC=81.4.97.160
> DST=192.168.2.40 LEN=48 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=TCP
> SPT=80 DPT=52436 SEQ=3690844742 ACK=2949910604 WINDOW=5840 RES=0x00
> ACK SYN URGP=0 OPT (020405B401010402)
> Nov 5 18:48:27 sakura kernel: [ 207.173394] TRACE:
> mangle:PREROUTING:policy:3 IN=eth0 OUT=
> MAC=00:50:bf:65:b7:c1:00:18:39:27:fc:5a:08:00 SRC=81.4.97.160
> DST=192.168.2.40 LEN=48 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=TCP
> SPT=80 DPT=52436 SEQ=3690844742 ACK=2949910604 WINDOW=5840 RES=0x00
> ACK SYN URGP=0 OPT (020405B401010402)
> Nov 5 18:48:52 sakura kernel: [ 231.380824] TRACE:
> raw:PREROUTING:policy:2 IN=eth0 OUT=
> MAC=00:50:bf:65:b7:c1:00:18:39:27:fc:5a:08:00 SRC=81.4.97.160
> DST=192.168.2.40 LEN=48 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=TCP
> SPT=80 DPT=52436 SEQ=3690844742 ACK=2949910604 WINDOW=5840 RES=0x00
> ACK SYN URGP=0 OPT (020405B401010402)
> Nov 5 18:48:52 sakura kernel: [ 231.380891] TRACE:
> mangle:PREROUTING:policy:3 IN=eth0 OUT=
> MAC=00:50:bf:65:b7:c1:00:18:39:27:fc:5a:08:00 SRC=81.4.97.160
> DST=192.168.2.40 LEN=48 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=TCP
> SPT=80 DPT=52436 SEQ=3690844742 ACK=2949910604 WINDOW=5840 RES=0x00
> ACK SYN URGP=0 OPT (020405B401010402)
> Nov 5 18:49:40 sakura kernel: [ 279.579532] TRACE:
> raw:PREROUTING:policy:2 IN=eth0 OUT=
> MAC=00:50:bf:65:b7:c1:00:18:39:27:fc:5a:08:00 SRC=81.4.97.160
> DST=192.168.2.40 LEN=48 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=TCP
> SPT=80 DPT=52436 SEQ=3690844742 ACK=2949910604 WINDOW=5840 RES=0x00
> ACK SYN URGP=0 OPT (020405B401010402)
> Nov 5 18:49:40 sakura kernel: [ 279.579591] TRACE:
> mangle:PREROUTING:policy:3 IN=eth0 OUT=
> MAC=00:50:bf:65:b7:c1:00:18:39:27:fc:5a:08:00 SRC=81.4.97.160
> DST=192.168.2.40 LEN=48 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=TCP
> SPT=80 DPT=52436 SEQ=3690844742 ACK=2949910604 WINDOW=5840 RES=0x00
> ACK SYN URGP=0 OPT (020405B401010402)
I'm pretty patient, but since I haven't seen a response in a week I'm
poking you guys again.
* Re: Iptables v1.4.4 + kernel 2.6.31 mangle marking changed?
From: Richard Horton @ 2009-11-11 8:33 UTC (permalink / raw)
To: netfilter
2009/11/10 Ralph de Boom <lkml@deboom.biz>:
> Ralph de Boom wrote:
> Nov 5 18:48:14 sakura kernel: [ 194.028598] TRACE:
> filter:FORWARD:rule:1 IN=eth1 OUT=eth0 SRC=192.168.1.30
> DST=81.4.97.160 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=13005 DF
> PROTO=TCP SPT=52436 DPT=80 SEQ=2949910603 ACK=0 WINDOW=8192 RES=0x00
> SYN URGP=0 OPT (0204116C01010402) MARK=0x1
Ralph, only the entry above is from one of your iptables rules, which
looks like the rules you are using to carry out the packet
mangling/NAT/etc. are not being hit - all the others are 'policy'
entries, which are basically just saying "oh look, I went via 'x using
chain y'"....
--
Richard Horton
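An added example, not code from this thread: a small Python parser for the TRACE output discussed above. It groups the kernel log lines per packet, separates real rule hits (`rule:N`) from chain policy entries, records the MARK each packet carried, and reports where the packet was last seen, which for Ralph's reply packets is mangle:PREROUTING with no INPUT or FORWARD entry after it. The sample lines are modelled on the ones posted in the thread, rewrapped onto single lines and trimmed to the relevant fields.

```python
"""Summarise iptables TRACE output per packet: chains traversed, real rule
hits versus chain policies, the MARK value, and where the packet was last seen."""
import re
from collections import OrderedDict

# Constructed sample, modelled on the TRACE lines posted in this thread
# (each entry rewrapped onto one line, MAC/TCP option fields trimmed).
SAMPLE_LOG = """\
Nov 5 18:48:14 sakura kernel: [ 194.028527] TRACE: mangle:PREROUTING:policy:3 IN=eth1 OUT= SRC=192.168.1.30 DST=81.4.97.160 PROTO=TCP SPT=52436 DPT=80 ID=13005 DF SYN MARK=0x1
Nov 5 18:48:14 sakura kernel: [ 194.028570] TRACE: mangle:FORWARD:policy:1 IN=eth1 OUT=eth0 SRC=192.168.1.30 DST=81.4.97.160 PROTO=TCP SPT=52436 DPT=80 ID=13005 DF SYN MARK=0x1
Nov 5 18:48:14 sakura kernel: [ 194.028598] TRACE: filter:FORWARD:rule:1 IN=eth1 OUT=eth0 SRC=192.168.1.30 DST=81.4.97.160 PROTO=TCP SPT=52436 DPT=80 ID=13005 DF SYN MARK=0x1
Nov 5 18:48:14 sakura kernel: [ 194.028626] TRACE: mangle:POSTROUTING:policy:1 IN= OUT=eth0 SRC=192.168.1.30 DST=81.4.97.160 PROTO=TCP SPT=52436 DPT=80 ID=13005 DF SYN MARK=0x1
Nov 5 18:48:14 sakura kernel: [ 194.149805] TRACE: raw:PREROUTING:policy:2 IN=eth0 OUT= SRC=81.4.97.160 DST=192.168.2.40 PROTO=TCP SPT=80 DPT=52436 ID=0 DF ACK SYN
Nov 5 18:48:14 sakura kernel: [ 194.149861] TRACE: mangle:PREROUTING:policy:3 IN=eth0 OUT= SRC=81.4.97.160 DST=192.168.2.40 PROTO=TCP SPT=80 DPT=52436 ID=0 DF ACK SYN
"""

# The TRACE target prints "TRACE: table:chain:kind:num" followed by the
# usual LOG-style key=value fields; kind is rule, return or policy.
TRACE_RE = re.compile(
    r"TRACE: (?P<table>\w+):(?P<chain>\w+):(?P<kind>rule|return|policy):(?P<num>\d+) (?P<rest>.*)")


def parse_trace_line(line):
    """Return (hop, fields) for a TRACE line, or None for any other log line."""
    m = TRACE_RE.search(line)
    if not m:
        return None
    hop = f"{m.group('table')}:{m.group('chain')}:{m.group('kind')}:{m.group('num')}"
    fields = {}
    for token in m.group("rest").split():
        if "=" in token:  # flag tokens such as DF or SYN carry no '=' and are skipped
            key, _, value = token.partition("=")
            fields[key] = value  # "OUT=" yields an empty string, as in the log
    return hop, fields


def flow_key(f):
    """Identify a packet by its 5-tuple plus IP ID so retransmits stay separate."""
    return (f"{f.get('SRC')}:{f.get('SPT')} -> {f.get('DST')}:{f.get('DPT')} "
            f"proto {f.get('PROTO')} id {f.get('ID')}")


def classify(hops, last_fields):
    """Judge the packet's fate from the last chain the trace shows it in."""
    last_chain = hops[-1].split(":")[1]
    if last_chain == "POSTROUTING":
        return f"left the box via {last_fields.get('OUT') or '?'}"
    if last_chain == "INPUT":
        return "delivered locally"
    if last_chain == "PREROUTING":
        # A packet that never reaches INPUT or FORWARD after PREROUTING was not
        # dropped by an iptables rule (that would show as a rule hit); it was
        # discarded at the routing decision that sits between those hooks.
        return "dropped after PREROUTING, before INPUT/FORWARD (routing decision)"
    return f"last seen in {hops[-1]}"


def summarize(log_text):
    """Map each packet to its hops, rule hits, MARK and fate, in log order."""
    flows = OrderedDict()
    for line in log_text.splitlines():
        parsed = parse_trace_line(line)
        if parsed is None:
            continue
        hop, fields = parsed
        entry = flows.setdefault(flow_key(fields),
                                 {"hops": [], "rule_hits": [], "mark": None, "last": {}})
        entry["hops"].append(hop)
        if ":rule:" in hop:
            entry["rule_hits"].append(hop)
        if "MARK" in fields:
            entry["mark"] = fields["MARK"]
        entry["last"] = fields
    for entry in flows.values():
        entry["fate"] = classify(entry["hops"], entry["last"])
    return flows


if __name__ == "__main__":
    for key, entry in summarize(SAMPLE_LOG).items():
        print(key)
        print("  hops:     ", " -> ".join(entry["hops"]))
        print("  rule hits:", entry["rule_hits"] or "none (policy entries only)")
        print("  mark:     ", entry["mark"])
        print("  fate:     ", entry["fate"])
```

Run it against an unfiltered kern.log with TRACE enabled and the grep step from the thread becomes unnecessary, since only TRACE lines are parsed and everything else is ignored.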