Forwarding udp ports iptables packets "lost"?

Posted by Dindihi on Server Fault See other posts from Server Fault or by Dindihi
Published on 2012-12-17T18:07:56Z Indexed on 2012/12/17 23:05 UTC
Read the original article Hit count: 529

Filed under:
|
|

I have a Linux router (Debian 6.x) where i forward some ports to internal services. Some tcp ports (like 80, 22...) are OK.

I have one Application listening on port 54277udp. No return is coming from this app, i only get Data on this port.

Router:

cat /proc/sys/net/ipv4/conf/all/rp_filter = 1
cat /proc/sys/net/ipv4/conf/eth0/forwarding = 1
cat /proc/sys/net/ipv4/conf/ppp0/forwarding = 1

$IPTABLES -t nat -I PREROUTING -p udp -i ppp0 --dport 54277 -j DNAT --to-destination $SRV_IP:54277
$IPTABLES -I FORWARD -p udp -d $SRV_IP --dport 54277 -j ACCEPT

Also MASQUERADING internal traffic to ppp0(internet) is active & working.

Default Policy INPUT&OUTPUT&FORWARD is DROP

What is strange, when i do:

tcpdump -p -vvvv -i ppp0 port 54277

I get a lot of traffic:

18:35:43.646133 IP (tos 0x0, ttl 57, id 0, offset 0, flags [DF], proto UDP (17), length 57)
    source.ip > own.external.ip..54277: [udp sum ok] UDP, length 29
18:35:43.652301 IP (tos 0x0, ttl 57, id 0, offset 0, flags [DF], proto UDP (17), length 57)
    source.ip > own.external.ip..54277: [udp sum ok] UDP, length 29
18:35:43.653324 IP (tos 0x0, ttl 57, id 0, offset 0, flags [DF], proto UDP (17), length 57)
    source.ip > own.external.ip..54277: [udp sum ok] UDP, length 29
18:35:43.655795 IP (tos 0x0, ttl 57, id 0, offset 0, flags [DF], proto UDP (17), length 57)
    source.ip > own.external.ip..54277: [udp sum ok] UDP, length 29
18:35:43.656727 IP (tos 0x0, ttl 57, id 0, offset 0, flags [DF], proto UDP (17), length 57)
    source.ip > own.external.ip..54277: [udp sum ok] UDP, length 29
18:35:43.659719 IP (tos 0x0, ttl 57, id 0, offset 0, flags [DF], proto UDP (17), length 57)
    source.ip > own.external.ip..54277: [udp sum ok] UDP, length 29

tcpdump -p -i eth0 port 54277 (on the same machine, the router) i get much less traffic.

also on the destination $SRV_IP there are only a few packets coming in, but not all.

INTERNAL SERVER:

19:15:30.039663 IP source.ip.52394 > 192.168.215.4.54277: UDP, length 16
19:15:30.276112 IP source.ip.52394 > 192.168.215.4.54277: UDP, length 16
19:15:30.726048 IP source.ip.52394 > 192.168.215.4.54277: UDP, length 16

So some udp ports are "ignored/dropped" ?

Any idea what could be wrong?

Edit:

This is strange: The Forward rule has data packets, but the PREROUTING rule has 0 packets...

iptables -nvL -t filter |grep 54277
Chain FORWARD (policy DROP 0 packets, 0 bytes) 
168  8401 ACCEPT     udp  --  *      *       0.0.0.0/0            192.168.215.4       state NEW,RELATED,ESTABLISHED udp dpt:54277

iptables -nvL -t nat |grep 54277
Chain PREROUTING (policy ACCEPT 405 packets, 24360 bytes) 
0     0 DNAT       udp  --  ppp0   *       0.0.0.0/0            my.external.ip      udp dpt:54277 state NEW,RELATED,ESTABLISHED to:192.168.215.4

© Server Fault or respective owner

Related posts about linux

Related posts about iptables