[lug] netfilter strangeness
Daniel Webb
lists at danielwebb.us
Mon May 30 00:18:58 MDT 2005
I've been learning how to do iptables filtering along with shaping using tc on
a Linksys WRT54G. Filtering and shaping between hosts on the LAN and the
internet is working as expected. What's weird is that LAN-to-LAN traffic
doesn't seem to act right.
root@webb:~# iptables -L -t mangle -v -n
Chain PREROUTING (policy ACCEPT 10590 packets, 9383K bytes)
 pkts  bytes  target  prot opt in   out  source          destination
10281  9254K  MARK    all  --  eth1 *    192.168.0.0/24  192.168.0.0/24  MARK set 0x5
10280  9254K  RETURN  all  --  eth1 *    192.168.0.0/24  192.168.0.0/24
<snip>
Chain POSTROUTING (policy ACCEPT 309 packets, 40749 bytes)
 pkts  bytes  target  prot opt in   out  source          destination
  117  10732  MARK    all  --  *    eth1 192.168.0.0/24  192.168.0.0/24  MARK set 0x5
  117  10732  RETURN  all  --  *    eth1 192.168.0.0/24  192.168.0.0/24
<snip>
This was after a reboot followed by a file transfer from one machine on the
LAN to another. Now, I'm no netfilter expert, but shouldn't the POSTROUTING
ACCEPT counter be as high as the PREROUTING ACCEPT counter? The file transfer
worked fine, so the filter table wasn't dropping any packets (plus, I have
logging rules for all dropped packets right now, and there weren't any dropped
packets).
Where are the packets going?
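The comparison the post makes by eye (how many LAN-to-LAN packets were marked in PREROUTING versus POSTROUTING) is the kind of accounting check worth doing mechanically, since a persistent gap between the two chains is the first thing to quantify before looking for where packets leave the IP path. The following is an added example, not code from the post or from the WRT54G firmware: a small parser for the `iptables -L -t mangle -v -n` output format quoted above, run over a constructed sample built from the post's own numbers. It assumes iptables' thousands-based K/M/G counter suffixes (which are rounded, so derived values are approximate) and the column order shown in the post.

```python
import re

# Constructed sample, modelled on the `iptables -L -t mangle -v -n` output in the post.
SAMPLE = """\
Chain PREROUTING (policy ACCEPT 10590 packets, 9383K bytes)
 pkts  bytes  target  prot opt in   out  source          destination
10281  9254K  MARK    all  --  eth1 *    192.168.0.0/24  192.168.0.0/24  MARK set 0x5
10280  9254K  RETURN  all  --  eth1 *    192.168.0.0/24  192.168.0.0/24
Chain POSTROUTING (policy ACCEPT 309 packets, 40749 bytes)
 pkts  bytes  target  prot opt in   out  source          destination
  117  10732  MARK    all  --  *    eth1 192.168.0.0/24  192.168.0.0/24  MARK set 0x5
  117  10732  RETURN  all  --  *    eth1 192.168.0.0/24  192.168.0.0/24
"""

# iptables abbreviates large counters with a thousands-based suffix (e.g. 9254K);
# the abbreviated value is rounded, so the parsed number is approximate.
UNITS = {"": 1, "K": 10**3, "M": 10**6, "G": 10**9}

CHAIN_RE = re.compile(r"^Chain (\S+) \(policy (\S+) (\S+) packets, (\S+) bytes\)")


def parse_count(tok):
    """Turn an iptables counter token such as '10281' or '9254K' into an int."""
    m = re.fullmatch(r"(\d+)([KMG]?)", tok)
    if not m:
        raise ValueError("not an iptables counter: %r" % tok)
    return int(m.group(1)) * UNITS[m.group(2)]


def parse_mangle(text):
    """Parse `iptables -L -v -n` output into {chain: {policy, policy_pkts, policy_bytes, rules}}."""
    chains = {}
    current = None
    for line in text.splitlines():
        m = CHAIN_RE.match(line)
        if m:
            current = {
                "policy": m.group(2),
                "policy_pkts": parse_count(m.group(3)),
                "policy_bytes": parse_count(m.group(4)),
                "rules": [],
            }
            chains[m.group(1)] = current
            continue
        # Skip blank lines, the column header, and anything before the first chain.
        if current is None or not line.strip() or line.lstrip().startswith("pkts"):
            continue
        parts = line.split()
        # Columns: pkts bytes target prot opt in out source destination [extra...]
        current["rules"].append({
            "pkts": parse_count(parts[0]),
            "bytes": parse_count(parts[1]),
            "target": parts[2],
            "proto": parts[3],
            "in": parts[5],
            "out": parts[6],
            "src": parts[7],
            "dst": parts[8],
            "extra": " ".join(parts[9:]),
        })
    return chains


def mark_pkts(chains, chain, net="192.168.0.0/24"):
    """Packets that hit a MARK rule for net -> net in the given chain (0 if none)."""
    return sum(r["pkts"] for r in chains[chain]["rules"]
               if r["target"] == "MARK" and r["src"] == net and r["dst"] == net)


def counter_gap(chains, first="PREROUTING", second="POSTROUTING", net="192.168.0.0/24"):
    """Return (marked in first, marked in second, difference) for net -> net traffic."""
    a = mark_pkts(chains, first, net)
    b = mark_pkts(chains, second, net)
    return a, b, a - b


if __name__ == "__main__":
    chains = parse_mangle(SAMPLE)
    pre, post, gap = counter_gap(chains)
    print("LAN->LAN marked in PREROUTING: %d, in POSTROUTING: %d, gap: %d" % (pre, post, gap))
```

To run it against a live box, feed the output of `iptables -L -t mangle -v -n` to `parse_mangle` instead of `SAMPLE`; a gap that stays large while the transfer runs (rather than a transient lag between the two counters) tells you the packets are consistently not reaching the IP POSTROUTING hook, which is the question the post is asking.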