Questions tagged [netfilter]
8 questions
0 votes, 0 answers, 103 views
Linux netfilter: How to capture, modify and retransmit packets that my host is sending to a specific destination?
I am trying to write a Linux service that captures the packets that go from my personal server to a specific destination and performs necessary changes to them. More specifically, I want to find all ...
0 votes, 1 answer, 37 views
Why does it go through netfilter postrouting when visiting local ports?
Environment:
[root@VM-32-4-centos ~]# uname -r
3.10.0-514.26.2.el7.x86_64
I have set log printing in the following chain:
[root@VM-32-4-centos ~]# iptables -A INPUT -p tcp --dport 8000 -j LOG --log-...
1 vote, 1 answer, 310 views
Linux conntrack not seeing multicast responses as part of the same flow
My TV (192.168.1.48) is multicasting an SSDP packet (to 239.255.255.250:1900), and on my server (192.168.1.17), by running smcroute and doing some packet mangling to increase the IP TTL of this ...
0 votes, 0 answers, 273 views
nftables rules syntax getting error in adding rule
I am trying to add this rule
nft insert rule ip nat PREROUTING iifname enp0s3 udp dport 9100 counter dnat to 192.168.150.2
I am getting this error
[root@ph3ro]# nft insert rule ip nat PREROUTING ...
1 vote, 0 answers, 787 views
UDP packets dropped with `ctstate=INVALID`, but meanwhile its connection `[ASSURED]` in conntrack list
I have my router connecting to a remote VPS as a so-called 'VPN' that is based on the UDP protocol, then the VPS traffic slows down in a few seconds after a new reboot.
I can see a huge amount of incoming ...
1 vote, 0 answers, 424 views
iptables DNAT traffic to localhost weird behavior
I hit a problem when trying to understand how iptables handles DNATed packets.
I run a server at localhost:8000, and I added a rule to nat table:
-A OUTPUT -d 1.2.3.4/32 -p tcp -m tcp --dport 80 -j ...
1 vote, 0 answers, 592 views
Packets disappearing between forward and postrouting hooks
I can see packets getting logged/accepted in the forward chain and they're correctly tagged with the right outbound interface, but they never hit the rule in the postrouting chain and tcpdump never ...
1 vote, 1 answer, 1k views
Conntrack empty within a Docker container
Does anyone of you have experience with the use of conntrack in a containerized environment? I am running a regular alpine docker container with docker run --network bridge --privileged --cap-add all -...