
Re: Different INPUT/FORWARD logging



On Wed, 30 May 2001, Robert Magier wrote:

> BAD_FORWARDIN=eth2 OUT=eth0
> SRC=169.254.199.81  DST=148.81.116.98 
> LEN=69 TOS=0x00  PREC=0x00  TTL=127 ID=34055  PROTO=UDP  SPT=137  DPT=53 LEN=49

(snip...)

> I want to know what machine is sending these packets, so I set
> iptables -t filter -I INPUT -i eth2 -s 169.254.199.81 -j LOG
> but it doesn't help.
> I see logs from the FORWARD rules but I do not see any from the INPUT rules.

This is exactly as it is supposed to be. The flow of packets through the
chains changed from the old ipchains-based firewalling code of the 2.2.x
kernels to the new netfilter code in the 2.4.x kernels. In particular, upon
arrival a packet is examined to find out how it is supposed to be routed
(and passes through the PRE-/POST-ROUTING chains); then, if the packet is
supposed to be forwarded, it goes through the FORWARD chain, and if it is
directed to one of the local IPs, it goes through the INPUT chain. This
means that the INPUT and FORWARD chains are mutually exclusive in the
netfilter code (which iptables uses). This is the most important
difference between netfilter and ipchains, as in the latter all incoming
packets went through the input chain regardless of whether they were
directed to a local interface or were meant to be forwarded.

The bottom line is: if you are an experienced user of ipchains, be careful
not to make wrong assumptions when using iptables...

Bye
Giacomo

_________________________________________________________________

Giacomo Mulas <gmulas@ca.astro.it, giacomo.mulas@tin.it>
_________________________________________________________________

OSSERVATORIO  ASTRONOMICO
Str. 54, Loc. Poggio dei Pini * 09012 Capoterra (CA)

Tel.: +39 070 71180 216     Fax : +39 070 71180 222
_________________________________________________________________

"When the storms are raging around you, stay right where you are"
                         (Freddy Mercury)
_________________________________________________________________
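The chain traversal Giacomo describes, as an added example that is not part of the thread and not code from the iptables project: a small Python model of which chains an arriving packet visits under netfilter (2.4.x) and under the older ipchains model (2.2.x), run against the LOG line quoted at the top of the thread, to show why a rule placed in INPUT never sees a forwarded packet while a rule in FORWARD (or in the mangle table's PREROUTING chain, which every arriving packet passes before the routing decision) does. The firewall's own address 148.81.116.1, the LOCAL_ADDRS set and the three rules in RULES are assumptions made for the illustration; the sample log line is constructed from the one quoted above.

```python
"""Which netfilter chains see a packet, and which LOG rules therefore fire.

Added example, not code from the thread or from the iptables project.
Assumed for illustration only: the firewall owns 148.81.116.1, and the rule
names in RULES are hand-written iptables notation (they are not parsed).
"""
import re

# Constructed sample: the LOG line quoted in the thread, rejoined onto one
# line.  --log-prefix "BAD_FORWARD" had no trailing space, so it runs into IN=.
SAMPLE_LOG = (
    "BAD_FORWARDIN=eth2 OUT=eth0 SRC=169.254.199.81 DST=148.81.116.98 "
    "LEN=69 TOS=0x00 PREC=0x00 TTL=127 ID=34055 PROTO=UDP SPT=137 DPT=53 LEN=49"
)

# Assumed: addresses the firewall itself answers to (not stated in the thread).
LOCAL_ADDRS = {"148.81.116.1", "127.0.0.1"}

FIELD_RE = re.compile(r"(?P<key>[A-Z]+)=(?P<val>\S*)")


def parse_log_line(line):
    """Split an iptables LOG line into its KEY=value fields.

    Everything before the first 'IN=' is the log prefix.  The first LEN is the
    IP total length; the second one (UDP/TCP length) is stored as UDPLEN so
    that it does not overwrite the first.
    """
    idx = line.find("IN=")
    if idx < 0:
        raise ValueError("not an iptables LOG line: %r" % line)
    fields = {"PREFIX": line[:idx].strip()}
    for m in FIELD_RE.finditer(line[idx:]):
        key = m.group("key")
        if key == "LEN" and "LEN" in fields:
            key = "UDPLEN"
        fields[key] = m.group("val")
    return fields


def netfilter_path(pkt, local_addrs):
    """Chains a packet traverses under netfilter (2.4.x kernels).

    After PREROUTING the routing decision sends an incoming packet to exactly
    one of INPUT (destination is local) or FORWARD (destination is elsewhere);
    it never visits both.
    """
    if not pkt.get("IN"):                       # generated on this host
        return ["OUTPUT", "POSTROUTING"]
    if pkt["DST"] in local_addrs:
        return ["PREROUTING", "INPUT"]
    return ["PREROUTING", "FORWARD", "POSTROUTING"]


def ipchains_path(pkt, local_addrs):
    """Chains under the 2.2.x ipchains model: every packet arriving on an
    interface goes through input; a forwarded one then also sees forward
    and output."""
    if not pkt.get("IN"):
        return ["output"]
    if pkt["DST"] in local_addrs:
        return ["input"]
    return ["input", "forward", "output"]


def rule_fires(rule, pkt, path):
    """True if a rule (chain, optional in-interface, optional source) sees pkt.

    A rule in a chain that is not on the packet's path can never match,
    whatever its other selectors say.
    """
    if rule["chain"].upper() not in (c.upper() for c in path):
        return False
    if "in" in rule and rule["in"] != pkt.get("IN"):
        return False
    if "src" in rule and rule["src"] != pkt["SRC"]:
        return False
    return True


# The poster's INPUT rule plus two placements that do lie on a forwarded
# packet's path.
RULES = {
    "-t filter -I INPUT -i eth2 -s 169.254.199.81 -j LOG":
        {"chain": "INPUT", "in": "eth2", "src": "169.254.199.81"},
    "-t filter -I FORWARD -i eth2 -s 169.254.199.81 -j LOG":
        {"chain": "FORWARD", "in": "eth2", "src": "169.254.199.81"},
    "-t mangle -I PREROUTING -i eth2 -s 169.254.199.81 -j LOG":
        {"chain": "PREROUTING", "in": "eth2", "src": "169.254.199.81"},
}


def firing_rules(line, rules=RULES, model=netfilter_path, local_addrs=LOCAL_ADDRS):
    """Names of the rules in `rules` that would log the packet in `line`."""
    pkt = parse_log_line(line)
    path = model(pkt, local_addrs)
    return [name for name, rule in rules.items() if rule_fires(rule, pkt, path)]


if __name__ == "__main__":
    pkt = parse_log_line(SAMPLE_LOG)
    print("prefix=%s %s -> %s via %s/%s" % (pkt["PREFIX"], pkt["SRC"],
                                           pkt["DST"], pkt["IN"], pkt["OUT"]))
    print("netfilter path:", netfilter_path(pkt, LOCAL_ADDRS))
    print("ipchains  path:", ipchains_path(pkt, LOCAL_ADDRS))
    for name in RULES:
        seen = name in firing_rules(SAMPLE_LOG)
        print("%-58s %s" % (name, "fires" if seen else "never fires"))
```

Running it with `model=ipchains_path` instead of the default shows the contrast Giacomo draws: under the 2.2.x model the same INPUT rule would have fired, because every arriving packet went through input there. Note that "BAD_FORWARDIN=eth2" in the quoted log is simply the prefix running into the IN= field; a trailing space in the --log-prefix string keeps the two apart.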
