01-14-2012, 10:31 AM
Arif Tuhin

iptable rule for bypassing netfilter queue for a matching address.

I have two iptables rules for userspace modification:

iptables -t mangle -A PREROUTING -p udp --dport 9090 -j NFQUEUE
iptables -t mangle -A OUTPUT -p udp --sport 9090 -j NFQUEUE

I have the following network setup:

client ----------------> Linux Box or router ---------------------> server

What I'm trying to achieve is modifying all packets which come from the client to port 9090 of the Linux Box, and also the packets which go from the Linux Box to the client. I do not want to manipulate packets from or to the server.

So the rules I need will work like this:

If a packet comes from the client to port 9090, I will modify it. Now the router opens a symmetric port when it communicates with the server. That means it opens port 9090 when it communicates with the server, and hence gets modified by the second rule (--sport 9090). I want to avoid this.

The rules will be like this:

1. If a packet comes from a specific IP block, I will accept it. Then I will queue the remaining packets based on the destination port they come to.
2. If a packet goes to a specific IP block, I will forward it. I will queue the remaining packets based on the source port information.

Thanks in advance.



With Best Regards
Ariful Hossain Tuhin
email: 1. etothepowerpi@gmail.com 2. etothepowerpi@hotmail.com 3.etothepowerpi@yahoo.com
skype: freeburn1986
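
The rule ordering described in the post, written out as an added example that is not part of the original post: in each chain the exemption for the server's address block is appended before the NFQUEUE rule, so server traffic leaves the mangle chain before it can be queued. The block 192.0.2.0/24, queue number 0 and the function names are assumptions for illustration.

```shell
#!/bin/sh
# Added example: print mangle-table rules that exempt one address block
# from NFQUEUE. The address block and queue number are assumptions.

# valid_cidr NET: succeeds if NET looks like a.b.c.d/len with sane ranges
valid_cidr() {
    echo "$1" | awk -F'[./]' 'NF != 5 { exit 1 }
        { for (i = 1; i <= 5; i++) if ($i !~ /^[0-9]+$/) exit 1
          for (i = 1; i <= 4; i++) if ($i > 255) exit 1
          if ($5 > 32) exit 1 }'
}

# valid_port PORT: succeeds if PORT is an integer in 1..65535
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# gen_rules SERVER_NET PORT [QUEUE]: print the four rules in the order
# they must be appended. -A appends, and the first matching terminating
# target wins, so each ACCEPT exemption has to come before its NFQUEUE.
gen_rules() {
    net=$1 port=$2 q=${3:-0}
    valid_cidr "$net" && valid_port "$port" || return 1
    cat <<EOF
iptables -t mangle -A PREROUTING -p udp -s $net --dport $port -j ACCEPT
iptables -t mangle -A PREROUTING -p udp --dport $port -j NFQUEUE --queue-num $q
iptables -t mangle -A OUTPUT -p udp -d $net --sport $port -j ACCEPT
iptables -t mangle -A OUTPUT -p udp --sport $port -j NFQUEUE --queue-num $q
EOF
}

# Constructed sample: server side lives in 192.0.2.0/24, service port 9090
gen_rules 192.0.2.0/24 9090
```

ACCEPT in the mangle table only ends traversal of that chain; the packet still passes through the later tables, so filter rules continue to apply to the exempted traffic. Review the printed rules before running them as root.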
 