Does this mean there is an appropriate listening socket in user space? Apart from IP_TRANSPARENT for the socket option, is there anything else to be done before binding a socket? TIA

2008/10/29 Balazs Scheidler <bazsi@balabit.hu>:
On Tue, 2008-10-28 at 18:22 +0530, Arun Srinivasan wrote:
Hi all,
A general question:
Say I have the following rules configured:
+++++++++++++++++++++++++++++
iptables -t mangle -N DIVERT
iptables -t mangle -I PREROUTING -p tcp -m socket -j DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 0x1
iptables -t mangle -A DIVERT -j ACCEPT
++++++++++++++++++++++++++++++++++++
In which case can the tcp packets go without hitting the rule "iptables -t mangle -I PREROUTING -p tcp -m socket -j DIVERT"?
If there's no applicable local socket for the packet in question, then -m socket will not match.
A socket is applicable if its associated tuple (local ip:port, remote ip:port) matches the packet.
Related ICMP packets also match.
-- Bazsi
-- Regards, Arun S.
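The following is an added example and is not code from the thread, from Balazs or from Arun. It puts the two halves of the exchange side by side: a userspace model of the tuple lookup that `-m socket` performs (established socket on the full 4-tuple first, otherwise a listening socket on local ip:port, with 0.0.0.0 as a wildcard) and the userspace side Arun asks about, a TCP listener with IP_TRANSPARENT set before bind(). The socket table and the three packets are constructed sample data (RFC 5737 addresses, port 8080); the lookup is a simplification of the kernel's own and is only meant to show when a packet finds no applicable socket and therefore never hits the DIVERT rule. It assumes Linux, since IP_TRANSPARENT is Linux-specific.

```c
#define _GNU_SOURCE
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#ifndef IP_TRANSPARENT
#define IP_TRANSPARENT 19   /* Linux value; glibc normally defines it in <netinet/in.h> */
#endif

/* One socket as the lookup sees it: local/remote ip:port in network byte
 * order. A listening socket has no peer, so raddr/rport are 0. */
struct sock_tuple {
    uint32_t laddr, raddr;    /* laddr == INADDR_ANY means bound to 0.0.0.0 */
    uint16_t lport, rport;
    int listening;
};

/* A packet as seen in PREROUTING: src is the remote peer, dst the local side. */
struct pkt {
    uint32_t saddr, daddr;
    uint16_t sport, dport;
};

static uint32_t ip4(const char *dotted)
{
    struct in_addr a;
    return inet_pton(AF_INET, dotted, &a) == 1 ? a.s_addr : 0;
}

/* Simplified model of the lookup behind `-m socket`: an established socket is
 * applicable when its full 4-tuple matches (local = dst, remote = src);
 * failing that, a listening socket matches on local port plus a local address
 * that is either the packet's destination or the 0.0.0.0 wildcard (a specific
 * bind wins over the wildcard). Returns the index of the socket found, or -1
 * when no local socket applies, i.e. the rule would not match. */
int socket_match(const struct sock_tuple *socks, size_t n, const struct pkt *p)
{
    int wildcard = -1;
    for (size_t i = 0; i < n; i++) {
        const struct sock_tuple *s = &socks[i];
        if (!s->listening && s->laddr == p->daddr && s->lport == p->dport &&
            s->raddr == p->saddr && s->rport == p->sport)
            return (int)i;              /* exact established match */
    }
    for (size_t i = 0; i < n; i++) {
        const struct sock_tuple *s = &socks[i];
        if (!s->listening || s->lport != p->dport)
            continue;
        if (s->laddr == p->daddr)
            return (int)i;              /* listener bound to this exact address */
        if (s->laddr == htonl(INADDR_ANY) && wildcard < 0)
            wildcard = (int)i;
    }
    return wildcard;
}

/* Constructed sample state (not from the thread): a wildcard listener on
 * :8080 and one established connection 10.0.0.5:8080 <-> 192.0.2.1:40000. */
#define NSOCKS 2
static size_t sample_sockets(struct sock_tuple out[NSOCKS])
{
    out[0] = (struct sock_tuple){ htonl(INADDR_ANY), 0, htons(8080), 0, 1 };
    out[1] = (struct sock_tuple){ ip4("10.0.0.5"), ip4("192.0.2.1"),
                                  htons(8080), htons(40000), 0 };
    return NSOCKS;
}

/* Run the lookup for a constructed packet (dotted addresses, host-order ports). */
int lookup_for(const char *src, uint16_t sport, const char *dst, uint16_t dport)
{
    struct sock_tuple socks[NSOCKS];
    size_t n = sample_sockets(socks);
    struct pkt p = { ip4(src), ip4(dst), htons(sport), htons(dport) };
    return socket_match(socks, n, &p);
}

/* The userspace side: a TCP listener with IP_TRANSPARENT set before bind(), so
 * it may be bound to, and accept connections for, addresses not configured on
 * this host. Returns the fd or -errno. Setting IP_TRANSPARENT needs
 * CAP_NET_ADMIN, so an unprivileged run gets -EPERM from setsockopt(). */
int make_transparent_listener(const char *ip, uint16_t port)
{
    struct sockaddr_in sa = { .sin_family = AF_INET, .sin_port = htons(port) };
    if (inet_pton(AF_INET, ip, &sa.sin_addr) != 1)
        return -EINVAL;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -errno;
    int one = 1;
    if (setsockopt(fd, IPPROTO_IP, IP_TRANSPARENT, &one, sizeof one) < 0 ||
        setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof one) < 0 ||
        bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0 ||
        listen(fd, 128) < 0) {
        int e = errno;
        close(fd);
        return -e;
    }
    return fd;
}

int main(void)
{
    printf("established 192.0.2.1:40000 -> 10.0.0.5:8080 : socket %d\n",
           lookup_for("192.0.2.1", 40000, "10.0.0.5", 8080));
    printf("new SYN to foreign 203.0.113.7:8080          : socket %d\n",
           lookup_for("192.0.2.9", 51000, "203.0.113.7", 8080));
    printf("new SYN to 203.0.113.7:443 (no listener)     : socket %d\n",
           lookup_for("192.0.2.9", 51000, "203.0.113.7", 443));
    int fd = make_transparent_listener("0.0.0.0", 8080);
    if (fd < 0)
        printf("transparent listener: %s\n", strerror(-fd));
    else {
        printf("transparent listener on 0.0.0.0:8080, fd %d\n", fd);
        close(fd);
    }
    return 0;
}
```

Two things the model makes visible. A first SYN can only be matched by a listening socket, so the listener has to exist (bound, with IP_TRANSPARENT already set, and listening) before the connection arrives; and since the rules in the thread use only `-m socket`/MARK and no TPROXY target, nothing rewrites the destination port, so the listener must sit on the port the packet was originally sent to, or the lookup finds nothing and the packet bypasses DIVERT. Not shown in the thread, but part of the standard TPROXY setup in the kernel's Documentation/networking/tproxy.txt: the marked packets still need a policy route so they are delivered locally instead of forwarded, i.e. `ip rule add fwmark 1 lookup 100` and `ip route add local 0.0.0.0/0 dev lo table 100`, with the mark value matching `--set-mark 0x1`.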