Message-ID: <4801A8EE.3040808@trash.net>
Date:	Sun, 13 Apr 2008 08:32:14 +0200
From:	Patrick McHardy <kaber@...sh.net>
To:	Gabor Fekete <kotrelmaller.borgenbach@...il.com>
CC:	netdev@...r.kernel.org,
	Netfilter Development Mailinglist 
	<netfilter-devel@...r.kernel.org>
Subject: Re: raw socket and iptables rules

Gabor Fekete wrote:
> Hi,
> 
> I'm writing C code that sends IP datagrams using a RAW socket.
> The only problem I have is that it seems that the MASQUERADE rule
> I have does not apply for the packets sent via this socket.
> 
> Is it so, that raw sockets bypass iptables?
> What can I do to make iptables process these packets?


MASQUERADE lets packets with saddr=0.0.0.0 pass without SNAT.
So that might be the reason. Another possibility is that these
packets match an existing connection; the NAT table only sees
the first packet of each connection. A third option would be
invalid IP headers, but you'd see a message in that case.
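
A check for the first and third causes named in the reply (saddr=0.0.0.0 and an invalid IP header), run over the header bytes of a datagram; this is an added example, not part of the original thread. The function name, flag names and sample header are hypothetical, and the validity tests are generic RFC 791 sanity checks, not netfilter's own list.

```c
#include <stdint.h>
#include <stdio.h>

enum { /* bit flags: one header can carry several findings, 0 means none */
    HDR_TRUNCATED  = 1 << 0, /* fewer bytes than the header claims */
    HDR_BAD_VER    = 1 << 1, /* version field is not 4 */
    HDR_BAD_IHL    = 1 << 2, /* header length below 20 bytes */
    HDR_BAD_TOTLEN = 1 << 3, /* total length below IHL or beyond the buffer */
    HDR_BAD_CSUM   = 1 << 4, /* header checksum does not verify */
    HDR_ZERO_SADDR = 1 << 5  /* saddr=0.0.0.0, the case said to pass without SNAT */
};

/* Constructed sample: 192.0.2.1 -> 192.0.2.2, protocol 1, header only. */
static const uint8_t sample_hdr[20] = {
    0x45, 0x00, 0x00, 0x14, 0x00, 0x00, 0x40, 0x00, 0x40, 0x01,
    0xB6, 0xE5, 0xC0, 0x00, 0x02, 0x01, 0xC0, 0x00, 0x02, 0x02
};

/* RFC 1071 one's-complement sum; 0xFFFF means the checksum verifies. */
static uint16_t hdr_sum(const uint8_t *p, size_t n)
{
    uint32_t s = 0;
    for (size_t i = 0; i + 1 < n; i += 2)
        s += (uint32_t)(p[i] << 8 | p[i + 1]);
    while (s >> 16)
        s = (s & 0xFFFF) + (s >> 16);
    return (uint16_t)s;
}

/* Returns the OR of all findings for the IPv4 header at b (len bytes available). */
int check_ipv4_header(const uint8_t *b, size_t len)
{
    int r = 0;
    if (len < 20) return HDR_TRUNCATED;
    size_t ihl = (size_t)(b[0] & 0x0F) * 4;   /* header length in bytes */
    size_t tot = (size_t)(b[2] << 8 | b[3]);  /* total datagram length */
    if ((b[0] >> 4) != 4) r |= HDR_BAD_VER;
    if (ihl < 20) return r | HDR_BAD_IHL;
    if (ihl > len) return r | HDR_TRUNCATED;
    if (tot < ihl || tot > len) r |= HDR_BAD_TOTLEN;
    if (hdr_sum(b, ihl) != 0xFFFF) r |= HDR_BAD_CSUM;
    if (!(b[12] | b[13] | b[14] | b[15])) r |= HDR_ZERO_SADDR;
    return r;
}

int main(void)
{
    return printf("findings: 0x%02x\n", check_ipv4_header(sample_hdr, 20)) < 0;
}
```

The second cause, packets matching an existing connection, is not visible in the header bytes and is outside what this check covers.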