NetFilter
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Some packets leaving Ethernet interface include a source port value of 1

from [Frank Bulk] [Permanent Link][Original]
To: <netfilter@lists.netfilter.org>
Subject: Some packets leaving Ethernet interface include a source port value of 1
From: "Frank Bulk" <frnkblk@iname.com>
Date: Mon, 30 Oct 2006 21:53:27 -0600
Delivered-to: sp-com-lists@consult.net
Delivered-to: netfilter-list1@securepoint.com
List-archive: </pipermail/netfilter>
List-help: <mailto:netfilter-request@lists.netfilter.org?subject=help>
List-id: General discussion and user questions <netfilter.lists.netfilter.org>
List-post: <mailto:netfilter@lists.netfilter.org>
List-subscribe: <https://lists.netfilter.org/mailman/listinfo/netfilter>, <mailto:netfilter-request@lists.netfilter.org?subject=subscribe>
List-unsubscribe: <https://lists.netfilter.org/mailman/listinfo/netfilter>, <mailto:netfilter-request@lists.netfilter.org?subject=unsubscribe>
Organization: iName.com
Reply-to: frnkblk@iname.com
Sender: netfilter-bounces@lists.netfilter.org
Thread-index: Acb8oB8CQyesBfIYTh2dIi0O7bWasg== 
I googled around and I found this addressed in two different threads, but
I'm too dense to know how to resolve this my configuration.
        http://marc.theaimsgroup.com/?l=netfilter&m=114303032503010&w=2
        
http://lists.netfilter.org/pipermail/netfilter/2004-March/051044.html

I have two DHCP servers, one with IP address a.b.c.22 and the other with
a.b.c.23.  These are set up in redundant form, such that if one fails, the
other takes over.  The master and floating IP address, much like VRRP, is
a.b.c.24.  My DHCP relays point to this IP address.  

The DHCP response packets have been given a rule to replace their source
address from the .22 or .23 to the correct .24.  When the DHCP relay was
using a UDP src/dst port of 68/67 we had no problems, with just some of the
DHCP Acks using a source port of 1.  That's not great, but the big problem
started when our DHCP relay started using a UDP src/dst port of 67/67.  Now
most DHCP Offers and Acks have a source port of 1.

The NAT table has this rule:
        -A POSTROUTING -s a.b.c.22 -p udp -m udp --sport 67 -j SNAT
--to-source a.b.c.24 


And here's the output of iptables-save:
# Generated by iptables-save v1.2.11 on Mon Oct 30 21:51:38 2006
*nat
:PREROUTING ACCEPT [692:279420]
:POSTROUTING ACCEPT [1696:186148]
:OUTPUT ACCEPT [2070:309673]
-A POSTROUTING -s a.b.c.22 -o eth0 -p udp -m udp --sport 67 -j SNAT
--to-source a.b.c.24 
COMMIT
# Completed on Mon Oct 30 21:51:38 2006

Here's the relevant portion of my ifconfig:

server1:~# ifconfig -a
eth0      Link encap:Ethernet  HWaddr 00:E0:81:64:B2:B1  
          inet addr:a.b.c.22  Bcast:a.b.c.255  Mask:255.255.255.0
          inet6 addr: fe80::2e0:81ff:fe64:b2b1/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:790809 errors:0 dropped:0 overruns:0 frame:0
          TX packets:263333 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:89577696 (85.4 Mb)  TX bytes:71876862 (68.5 Mb)
          Interrupt:20 Base address:0x7000 

eth0:0    Link encap:Ethernet  HWaddr 00:E0:81:64:B2:B1  
          inet addr:a.b.c.24  Bcast:199.120.69.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:20 Base address:0x7000 

Any ideas how to rewrite the POSTROUTING rule so that this works correctly?

Regards,

Frank
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • Some packets leaving Ethernet interface include a source port value of 1, Frank Bulk <=
Previous by Date:  Re: Change Source, Wakko Warner
Next by Date:  Does anyone have the tool which could be used for protocol transmission?,
Previous by Thread:  Change Source, Nathaniel Hall
Next by Thread:  Does anyone have the tool which could be used for protocol transmission?,
Indexes:  [Date] [Thread] [Top] [All Lists]