Hi there.
Background:
Clients(10.10.0.0/16) <-> Router(br0:10.10.100.1, eth0:192.168.1.1) <->
Servers(192.168.1.0/25)
Server2: 192.168.1.3
NAT rule on Router:
# WWW-services on Server2
iptables -t nat -A PREROUTING -i br0 -d 192.168.1.130 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.3:80
Some time ago, when the Router kernel was 2.6.8, doing tcpdump -i br0 I
was able to see DNAT'ed traffic as it was seen by clients, e.g.
10.10.102.139:* <-> 192.168.1.130:80. Now the router runs 2.6.18, the
iptables rules did not change, and the picture I see is:
# tcpdump -i br0 -n net 192.168.1.0/24
13:15:32.922055 IP 10.10.102.139.1075 > 192.168.1.3.80: S 401022809:401022809(0) win 65535 <mss 1460,nop,nop,sackOK>
13:15:32.922350 IP 192.168.1.130.80 > 10.10.102.139.1075: S 796867770:796867770(0) ack 401022810 win 5840 <mss 1460,nop,nop,sackOK>
13:15:32.922558 IP 10.10.102.139.1075 > 192.168.1.3.80: . ack 796867771 win 65535
13:15:32.927802 IP 10.10.102.139.1075 > 192.168.1.3.80: P 0:469(469) ack 1 win 65535
13:15:32.928234 IP 192.168.1.130.80 > 10.10.102.139.1075: . ack 470 win 6432
13:15:33.176471 IP 192.168.1.130.80 > 10.10.102.139.1075: . 1:1461(1460) ack 470 win 6432
13:15:33.176534 IP 192.168.1.130.80 > 10.10.102.139.1075: . 1461:2921(1460) ack 470 win 6432
So it seems like in 2.6.8 tcpdump captured packets before DNAT and after
un-DNAT, but in 2.6.18 tcpdump captures AFTER DNAT, and after un-DNAT.
Can someone confirm my thoughts?
--
Покотиленко Костик <casper@meteor.dp.ua>
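An added example, not part of the original post, that checks a tcpdump text capture for the asymmetry described above: it groups packets by client socket and compares the destination seen in the forward direction with the source seen in replies, then classifies where the capture point sits relative to a DNAT rule. It assumes the client network (10.10.0.0/16) and the public/real addresses (192.168.1.130 / 192.168.1.3) from the post; the sample lines are constructed from the capture shown above.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample, taken from the capture in the post (two directions of one flow).
SAMPLE = """\
13:15:32.922055 IP 10.10.102.139.1075 > 192.168.1.3.80: S 401022809:401022809(0) win 65535 <mss 1460,nop,nop,sackOK>
13:15:32.922350 IP 192.168.1.130.80 > 10.10.102.139.1075: S 796867770:796867770(0) ack 401022810 win 5840 <mss 1460,nop,nop,sackOK>
13:15:32.922558 IP 10.10.102.139.1075 > 192.168.1.3.80: . ack 796867771 win 65535
13:15:32.928234 IP 192.168.1.130.80 > 10.10.102.139.1075: . ack 470 win 6432
"""

# Matches "<time> IP <src>.<sport> > <dst>.<dport>:" in tcpdump's default IPv4 output.
LINE_RE = re.compile(r"^\S+ IP (\S+)\.(\d+) > (\S+)\.(\d+):")


def collect_flows(text, client_net="10.10.0.0/16"):
    """Group packets by client (ip, port); record the server address seen in each direction."""
    net = ip_network(client_net)
    flows = defaultdict(lambda: {"fwd_dst": set(), "rep_src": set()})
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip non-IP lines (ARP, truncated lines, etc.)
        src, sport, dst, dport = m.group(1), int(m.group(2)), m.group(3), int(m.group(4))
        if ip_address(src) in net:
            flows[(src, sport)]["fwd_dst"].add(dst)   # client -> server direction
        elif ip_address(dst) in net:
            flows[(dst, dport)]["rep_src"].add(src)   # server -> client direction
    return dict(flows)


def classify(flow, public, real):
    """Say where the capture point sits relative to the DNAT rule public -> real."""
    fwd, rep = flow["fwd_dst"], flow["rep_src"]
    if fwd == {public} and rep == {public}:
        return "client view: captured before DNAT and after un-DNAT"
    if fwd == {real} and rep == {real}:
        return "server view: captured after DNAT and before un-DNAT"
    if fwd == {real} and rep == {public}:
        return "mixed: captured after DNAT and after un-DNAT"
    return "inconsistent addresses: fwd=%s rep=%s" % (sorted(fwd), sorted(rep))


if __name__ == "__main__":
    for sock, flow in collect_flows(SAMPLE).items():
        print(sock, classify(flow, "192.168.1.130", "192.168.1.3"))
```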