[lug] netfilter strangeness
David Anselmi
anselmi at anselmi.us
Mon May 30 10:21:33 MDT 2005
Daniel Webb wrote:
> I've been learning how to do iptables filtering along with shaping using tc on
> a Linksys WRT54G.
That's cool, but why? Might make an interesting LUG talk.
[...]
> root at webb:~# iptables -L -t mangle -v -n
> Chain PREROUTING (policy ACCEPT 10590 packets, 9383K bytes)
> pkts bytes target prot opt in out source destination
> 10281 9254K MARK all -- eth1 * 192.168.0.0/24 192.168.0.0/24 MARK set 0x5
> 10280 9254K RETURN all -- eth1 * 192.168.0.0/24 192.168.0.0/24
>
> <snip>
>
> Chain POSTROUTING (policy ACCEPT 309 packets, 40749 bytes)
> pkts bytes target prot opt in out source destination
> 117 10732 MARK all -- * eth1 192.168.0.0/24 192.168.0.0/24 MARK set 0x5
> 117 10732 RETURN all -- * eth1 192.168.0.0/24 192.168.0.0/24
>
> This was after a reboot followed by a file transfer from one machine on the
> lan to another. Now, I'm no netfilter expert, but shouldn't the POSTROUTING
> ACCEPT counter be as high as the PREROUTING ACCEPT counter?
No. You're looking at packets coming in eth1 vs. going out eth1--why
should they be the same? You see that the incoming packets are around
900B on average while the outgoing packets are around 90B. So that
looks like the file transfer is coming from a machine hooked to eth1
(big data packets coming in, small acks going out). Naturally the data
packets go out the interface hooked to the receiving machine.
I wonder how the LAN ports are wired? Does each show up as a different
interface? Seems like they do so you must have some bridging going on.
That seems to complicate the tables and chains that the packets traverse.
Be interesting to poke around inside one of these.
Dave
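The reasoning in the reply above (bytes divided by packets per chain, then compare the `in` and `out` interfaces) can be automated. The following parser is an added example, not code from the thread; the sample listing is constructed from the quoted output, and it assumes the K/M/G suffixes iptables prints are decimal (x1000) abbreviations.

```python
import re

# Constructed sample: the mangle-table listing quoted in the thread.
SAMPLE = """\
Chain PREROUTING (policy ACCEPT 10590 packets, 9383K bytes)
 pkts bytes target prot opt in out source destination
10281 9254K MARK all -- eth1 * 192.168.0.0/24 192.168.0.0/24 MARK set 0x5
10280 9254K RETURN all -- eth1 * 192.168.0.0/24 192.168.0.0/24

Chain POSTROUTING (policy ACCEPT 309 packets, 40749 bytes)
 pkts bytes target prot opt in out source destination
  117 10732 MARK all -- * eth1 192.168.0.0/24 192.168.0.0/24 MARK set 0x5
  117 10732 RETURN all -- * eth1 192.168.0.0/24 192.168.0.0/24
"""

# Assumption: iptables abbreviates counters with decimal multipliers.
SUFFIX = {"": 1, "K": 1000, "M": 1000000, "G": 1000000000}

def to_bytes(tok):
    """Expand an abbreviated counter token (e.g. '9254K' -> 9254000)."""
    m = re.fullmatch(r"(\d+)([KMG]?)", tok)
    if not m:
        raise ValueError(f"bad counter: {tok!r}")
    return int(m.group(1)) * SUFFIX[m.group(2)]

CHAIN_RE = re.compile(r"^Chain (\S+) \(policy (\S+) (\d+) packets, (\S+) bytes\)")

def parse_listing(text):
    """Parse `iptables -L -v -n` output into
    {chain: {'policy': (pkts, bytes), 'rules': [(pkts, bytes, target, in, out), ...]}}."""
    chains, cur = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = CHAIN_RE.match(line)
        if m:
            cur = chains[m.group(1)] = {
                "policy": (int(m.group(3)), to_bytes(m.group(4))), "rules": []}
            continue
        if not line or line.startswith("pkts") or cur is None:
            continue  # blank line or column header
        f = line.split()  # pkts bytes target prot opt in out source destination
        cur["rules"].append((to_bytes(f[0]), to_bytes(f[1]), f[2], f[5], f[6]))
    return chains

def avg_pkt_size(pkts, nbytes):
    """Average bytes per packet for a counter pair (0.0 if no packets)."""
    return nbytes / pkts if pkts else 0.0

def first_rule_profile(chains):
    """Per chain: (in-iface, out-iface, rounded avg packet size) of its first rule.
    Large averages on the 'in' side and small ones on the 'out' side match the
    'data in, acks out' reading given in the reply."""
    return {n: (c["rules"][0][3], c["rules"][0][4],
                round(avg_pkt_size(*c["rules"][0][:2])))
            for n, c in chains.items() if c["rules"]}
```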