Unix Programming - ip rewrite on my firewall?

Author

ip rewrite on my firewall?

G?ranBo

2004-01-23, 4:57 pm

Tracing the "outside" of my firewall using pcaplib raises this question:

outgoing packets have the local source ip rewritten to the address of
the firewall - that ok.

incoming packets have already the local destination ip !??

I'm not tracing any wired protocol, just simple NTP.

Is this a side-effect from the pcap library, catching packets _after_
the rewrite of destination address (the local address).

If this assumption is true - can I trace in an other way to get the
"true" packet contents?

/Göran

2004-01-23, 4:57 pm

> Is this a side-effect from the pcap library, catching packets _after_

quote:

> the rewrite of destination address (the local address).

It must be. I don't see any other way that you could be receiving packets
from the wider internet with local source addresses.

quote:

> If this assumption is true - can I trace in an other way to get the
> "true" packet contents?

I don't know how the kernel is structured. There is probably a patch you can
apply that allows you to do this, or if a patch doesn't exist, this is
probably a very real possibility if you're prepared to tinker with your
kernel.

regards,

C3

2004-01-23, 4:57 pm

> Is this a side-effect from the pcap library, catching packets _after_

quote:

> the rewrite of destination address (the local address).

It must be. I don't see any other way that you could be receiving packets
from the wider internet with local source addresses.

quote:

> If this assumption is true - can I trace in an other way to get the
> "true" packet contents?