On Wed, 30 May 2001, Robert Magier wrote:

> BAD_FORWARDIN=eth2 OUT=eth0 SRC=169.254.199.81 DST=148.81.116.98 LEN=69 TOS=0x00 PREC=0x00 TTL=127 ID=34055 PROTO=UDP SPT=137 DPT=53 LEN=49
(snip...)
> I want to know what machine is sending these packets, so I set
> iptables -t filter -I INPUT -i eth2 -s 169.254.199.81 -j LOG
> but it doesn't help.
> I see logs from FORWARD rules but I do not see any from INPUT rules.

This is exactly as it is supposed to be. The flow of packets through the chains changed from the old ipchains based firewalling code of kernels 2.2.x to the new netfilter code in 2.4.x kernels.

In particular, upon arriving a packet is examined to find out how it is supposed to be routed (and passes through the PRE-POST ROUTING chains); then, if a packet is supposed to be forwarded, it goes through the FORWARD chain, and if it is directed to one of the local IPs it goes through the INPUT chain. This means that the INPUT and FORWARD chains are mutually exclusive in netfilter (which iptables uses) code.

This is the most important difference between netfilter and ipchains, as in the latter all incoming packets went through the input chain regardless of whether they were directed to a local interface or were meant to be forwarded.

The bottom line is: if you are an experienced user of ipchains, be careful not to make wrong assumptions when using iptables...

Bye
Giacomo

_________________________________________________________________
Giacomo Mulas <[EMAIL PROTECTED], [EMAIL PROTECTED]>
_________________________________________________________________
OSSERVATORIO ASTRONOMICO
Str. 54, Loc. Poggio dei Pini * 09012 Capoterra (CA)
Tel.: +39 070 71180 216   Fax : +39 070 71180 222
_________________________________________________________________
"When the storms are raging around you, stay right where you are"
(Freddie Mercury)
_________________________________________________________________
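Added example, written for this page and not part of either poster's message: a small Python parser for the lines the iptables LOG target writes to the kernel log. It infers which filter chain a logged packet traversed from the IN= and OUT= fields, which is the mechanics behind Giacomo's explanation: a packet that went through FORWARD carries both an input and an output interface, a packet that went through INPUT has only IN= (OUT= is empty), and a packet from OUTPUT has only OUT=. The first sample line is the one Robert quoted; the remaining lines and the interface/address values in them are constructed for the example.

```python
"""Classify netfilter LOG-target lines by the chain they passed through.

Each logged packet traverses exactly one of INPUT, FORWARD or OUTPUT, and
the LOG target records the interfaces it saw: IN= is set on INPUT and
FORWARD, OUT= is set on FORWARD and OUTPUT, so the pair tells us the chain.
"""
import re
from collections import Counter

# Fields written by the LOG target. The user-chosen --log-prefix precedes
# IN= and may be glued to it when the prefix has no trailing space, as in
# the quoted "BAD_FORWARDIN=eth2"; matching "IN=" anywhere handles that.
_KV = re.compile(r"(IN|OUT|SRC|DST|LEN|TTL|ID|PROTO|SPT|DPT|TOS|PREC|MAC)=(\S*)")

# Line quoted in the original mail (forwarded packet: IN and OUT both set).
QUOTED_FORWARD_LINE = (
    "BAD_FORWARDIN=eth2 OUT=eth0 SRC=169.254.199.81 DST=148.81.116.98 "
    "LEN=69 TOS=0x00 PREC=0x00 TTL=127 ID=34055 PROTO=UDP SPT=137 DPT=53 LEN=49"
)
# Constructed line for a packet addressed to the firewall itself (INPUT).
CONSTRUCTED_INPUT_LINE = (
    "IN=eth2 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 "
    "SRC=169.254.199.81 DST=192.0.2.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 "
    "ID=42 DF PROTO=TCP SPT=40000 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0"
)
# Constructed line for a packet the firewall itself sent (OUTPUT).
CONSTRUCTED_OUTPUT_LINE = (
    "IN= OUT=eth0 SRC=192.0.2.254 DST=192.0.2.53 LEN=57 TOS=0x00 PREC=0x00 "
    "TTL=64 ID=7 DF PROTO=UDP SPT=33333 DPT=53 LEN=37"
)
# Constructed second forwarded packet from the same source (ID changed).
CONSTRUCTED_FORWARD_LINE = QUOTED_FORWARD_LINE.replace("ID=34055", "ID=34056")

SAMPLE_LINES = [
    QUOTED_FORWARD_LINE,
    CONSTRUCTED_INPUT_LINE,
    CONSTRUCTED_OUTPUT_LINE,
    CONSTRUCTED_FORWARD_LINE,
]


def parse_log_line(line):
    """Return a dict of the key=value fields in one LOG line.

    IN/OUT keep an empty string when present without a value ("OUT= ").
    LEN appears twice (IP total length, then transport-header length),
    so it is stored as a list in order of appearance.
    """
    fields = {}
    for key, value in _KV.findall(line):
        if key == "LEN":
            fields.setdefault("LEN", []).append(int(value))
        else:
            fields[key] = value
    return fields


def chain_of(fields):
    """Name the filter chain a logged packet traversed, from IN=/OUT=."""
    has_in = bool(fields.get("IN"))
    has_out = bool(fields.get("OUT"))
    if has_in and has_out:
        return "FORWARD"
    if has_in:
        return "INPUT"
    if has_out:
        return "OUTPUT"
    return "UNKNOWN"


def summarize(lines):
    """Count logged packets per (chain, source address).

    This answers the original question ("which machine is sending this?")
    and shows at a glance which chain actually saw the traffic.
    """
    counts = Counter()
    for line in lines:
        fields = parse_log_line(line)
        counts[(chain_of(fields), fields.get("SRC", "?"))] += 1
    return dict(counts)


if __name__ == "__main__":
    for (chain, src), n in sorted(summarize(SAMPLE_LINES).items()):
        print(f"{chain:8} {src:16} {n}")
```

Run against the quoted line, the summary attributes the traffic from 169.254.199.81 to FORWARD, which is why a LOG rule on INPUT never fires for it: the rule has to sit in the chain the packet actually traverses, here FORWARD with the same -i eth2 -s ... match.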