Forwarding udp ports iptables packets "lost"?
- by Dindihi
I have a Linux router (Debian 6.x) where i forward some ports to internal services.
Some tcp ports (like 80, 22...) are OK.
I have one Application listening on port 54277udp.
No return is coming from this app, i only get Data on this port.
Router:
cat /proc/sys/net/ipv4/conf/all/rp_filter = 1
cat /proc/sys/net/ipv4/conf/eth0/forwarding = 1
cat /proc/sys/net/ipv4/conf/ppp0/forwarding = 1
$IPTABLES -t nat -I PREROUTING -p udp -i ppp0 --dport 54277 -j DNAT --to-destination $SRV_IP:54277
$IPTABLES -I FORWARD -p udp -d $SRV_IP --dport 54277 -j ACCEPT
Also MASQUERADING internal traffic to ppp0(internet) is active & working.
Default Policy INPUT&OUTPUT&FORWARD is DROP
What is strange, when i do:
tcpdump -p -vvvv -i ppp0 port 54277
I get a lot of traffic:
18:35:43.646133 IP (tos 0x0, ttl 57, id 0, offset 0, flags [DF], proto UDP (17), length 57)
source.ip > own.external.ip..54277: [udp sum ok] UDP, length 29
18:35:43.652301 IP (tos 0x0, ttl 57, id 0, offset 0, flags [DF], proto UDP (17), length 57)
source.ip > own.external.ip..54277: [udp sum ok] UDP, length 29
18:35:43.653324 IP (tos 0x0, ttl 57, id 0, offset 0, flags [DF], proto UDP (17), length 57)
source.ip > own.external.ip..54277: [udp sum ok] UDP, length 29
18:35:43.655795 IP (tos 0x0, ttl 57, id 0, offset 0, flags [DF], proto UDP (17), length 57)
source.ip > own.external.ip..54277: [udp sum ok] UDP, length 29
18:35:43.656727 IP (tos 0x0, ttl 57, id 0, offset 0, flags [DF], proto UDP (17), length 57)
source.ip > own.external.ip..54277: [udp sum ok] UDP, length 29
18:35:43.659719 IP (tos 0x0, ttl 57, id 0, offset 0, flags [DF], proto UDP (17), length 57)
source.ip > own.external.ip..54277: [udp sum ok] UDP, length 29
tcpdump -p -i eth0 port 54277 (on the same machine, the router)
i get much less traffic.
also on the destination $SRV_IP there are only a few packets coming in, but not all.
INTERNAL SERVER:
19:15:30.039663 IP source.ip.52394 > 192.168.215.4.54277: UDP, length 16
19:15:30.276112 IP source.ip.52394 > 192.168.215.4.54277: UDP, length 16
19:15:30.726048 IP source.ip.52394 > 192.168.215.4.54277: UDP, length 16
So some udp ports are "ignored/dropped" ?
Any idea what could be wrong?
Edit:
This is strange: The Forward rule has data packets, but the PREROUTING rule has 0 packets...
iptables -nvL -t filter |grep 54277
Chain FORWARD (policy DROP 0 packets, 0 bytes)
168 8401 ACCEPT udp -- * * 0.0.0.0/0 192.168.215.4 state NEW,RELATED,ESTABLISHED udp dpt:54277
iptables -nvL -t nat |grep 54277
Chain PREROUTING (policy ACCEPT 405 packets, 24360 bytes)
0 0 DNAT udp -- ppp0 * 0.0.0.0/0 my.external.ip udp dpt:54277 state NEW,RELATED,ESTABLISHED to:192.168.215.4
